The Ultimate Guide to Non-Human Identities Report Now Available

JetBrains Breach

NHI Mgmt Group

Overview

In May 2024, a critical vulnerability (CVE-2024-37051) with a CVSS score of 9.3, was reported in JetBrains’ GitHub plugin for IntelliJ-based IDEs. This vulnerability exposed GitHub access tokens to malicious third parties. The issue affected IDEs from version 2023.1 onwards, particularly when handling malicious pull requests integrated with the plugin. Exploited tokens could allow unauthorized access to GitHub repositories, posing a significant security threat to organizations and developers.

Incident Timeline

  • May 29, 2024: JetBrains received an external security report highlighting the vulnerability in the GitHub plugin.

  • June10, 2024: JetBrains investigated the issue, worked on a resolution, and coordinated with GitHub to mitigate potential risks.

  • June12, 2024: JetBrains released updated versions of its IDEs and plugins, along with advisories for users to revoke compromised tokens and update their software.

Incident Analysis

Root Cause

Mishandling of pull request data led to this incident, when the plugin processes a pull request containing specially crafted malicious metadata or content. During processing, access tokens used to authenticate the GitHub plugin could be exposed to untrusted parties.

Impact

The attackers could use the stolen token to gain unauthorized access to GitHub repositories, access private projects, or inject malicious code.

Mitigations

  • JetBrains released updated and secured versions of the affected IDEs by June 2024, addressing this vulnerability.

  • Users were advised to revoke all tokens previously issued to the JetBrains GitHub plugin to prevent further threats.

Recommendations

  • Regularly update IDEs and plugins to patched versions.

  • Use fine-grained tokens with limited scopes and expiration dates.

  • Avoid using high privilege tokens in development environments.

  • Educate teams on secure development practices and the risks of third-party integrations.

  • Implement additional security controls like token monitoring and anomaly detection.

Conclusion

This incident highlights the importance of security developers’ environments. By exploiting a gap in the handling of GitHub Pull request data, attackers could potentially compromise sensitive repositories, putting software development and integrity at risk. Organizations must implement proactive approach to manage software dependencies, plugins, and credentials to effectively secure their assets.

About Contact Glossary

Terms & Conditions Privacy policy

Non-Human Identity Mgmt Group

The Non-Human Identity Management Group is the #1 Authority for research and education on Non-Human Identity risks. We provide Independent guidance and expert advice to organizations, helping them understand, manage and secure these huge risks effectively.

Subscribe to our Newsletter

Subscribe

© 2024