CVE-2024-5899

June 18, 2024, 9:15 a.m.

None
No Score

Description

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

Product(s) Impacted

Product Versions
IntelliJ IDEA Bazel Plugin
  • ['2024.06.04.0.2 or later']
CLion Bazel Plugin
  • ['2024.06.04.0.2 or later']
Android Studio Bazel Plugin
  • ['2024.06.04.0.2 or later']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg

Tags

CWE-20
cve-coordination@google.com
2024-06-18
CVE-2024-5899

Timeline

Published: June 18, 2024, 9:15 a.m.
Last Modified: June 18, 2024, 9:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@google.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.