JetBrains Warns of GitHub Plugin that Exposes Access Tokens | allinfosecnews.com

June 12, 2024, 3:32 p.m. | Aman Mishra

GBHackers On Security gbhackers.com

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests, allowing attackers to steal tokens and potentially compromise linked accounts, even with two-factor authentication enabled. JetBrains has addressed the issue with a patch and collaborated with GitHub on mitigation efforts. […]

The post JetBrains Warns of GitHub Plugin that Exposes Access Tokens appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News …

access access tokens accounts attackers authentication compromise critical critical vulnerability cve cve-2024 cve-2024-37051 exploit exposed factor github github plugin issue jetbrains linked accounts linux malware malicious patch plugin pull requests requests steal tokens vulnerability

More from gbhackers.com / GBHackers On Security

Hackers Using Polyglot Files In the Wild, Here Comes PolyConv For Detection 10 hours ago | gbhackers.com

analysis and response calling can +27

Google to offer $250,000 for Full VM Escape Zero-day Vulnerability 11 hours ago | gbhackers.com

android cyber security escape foundational +23

CapraRAT Mimics As Popular Android Apps Attacking Android Users 14 hours ago | gbhackers.com

android android apps android security android users +25

Hackers Using Dropbox And Google Docs To Deliver Orcinius Malware 14 hours ago | gbhackers.com

code cyber-attack docs document +21

Rapid7 to Acquire Noetic Cyber to Enhance Attack Surface Visibility 15 hours ago | gbhackers.com

advanced agreement asset attack +22

Water Sigbin Exploiting Oracle WebLogic Server Flaw 15 hours ago | gbhackers.com

8220 gang code computer security cryptocurrency +33

Grasshopper Hackers Mimic As Penetration Testing Service To Deploy Malware 16 hours ago | gbhackers.com

access assessments attack campaigns attackers +24

regreSSHion – OpenSSH RCE Vulnerability Impacts 700K Linux Systems 16 hours ago | gbhackers.com

code code execution critical critical flaw +27

Cisco NX-OS Zero-Day Command Injection Vulnerability Let Hackers Gain Root Access 16 hours ago | gbhackers.com

access attackers cisco cisco nx-os +24

Ground Systems Engineer - Evolved Strategic SATCOM (ESS)

@ The Aerospace Corporation | Los Angeles AFB

View on infosec-jobs.com

Policy and Program Analyst

@ Obsidian Solutions Group | Rosslyn, VA, US

View on infosec-jobs.com

Principal Network Engineering

@ CVS Health | Work At Home-California

View on infosec-jobs.com

Lead Software Engineer

@ Rapid7 | NIS Belfast

View on infosec-jobs.com

Software Engineer II - Java

@ Rapid7 | NIS Belfast

View on infosec-jobs.com

Senior Software Engineer

@ Rapid7 | NIS Belfast

View on infosec-jobs.com