Back

CVE-2024-5899

June 18, 2024, 9:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

IntelliJ IDEA Bazel Plugin

  • 2024.06.04.0.2 or later

CLion Bazel Plugin

  • 2024.06.04.0.2 or later

Android Studio Bazel Plugin

  • 2024.06.04.0.2 or later

Source

cve-coordination@google.com

Tags

CWE-20
cve-coordination@google.com
2024-06-18
CVE-2024-5899

CVE-2024-5899 details

Published : June 18, 2024, 9:15 a.m.
Last Modified : June 18, 2024, 9:15 a.m.

Description

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one.  We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-20 Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

URL Source
https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable cve-coordination@google.com
https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg cve-coordination@google.com
This website uses the NVD API, but is not approved or certified by it.