JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens (June 2024)
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment apps and exposes GitHub access tokens.
"In particular, malicious content as part of a pull request to a GitHub project which would be handled by IntelliJ-based IDEs, would expose access tokens to a third-party host."
The company has also patched the vulnerable JetBrains GitHub plugin and has since removed all previously impacted versions from its official plugin marketplace.
Due to measures implemented during the mitigation process, the JetBrains GitHub plugin may not function as expected in older versions of JetBrains IDEs.
JetBrains also "strongly" advised customers who have actively used GitHub pull request functionality in IntelliJ IDEs to revoke any GitHub tokens used by the vulnerable plugin, as they could provide potential attackers with access to the linked GitHub accounts even with the added protection of two-factor authentication.
If the plugin was used with OAuth integration or a Personal Access Token, they should also revoke access for the JetBrains IDE Integration app and delete the IntelliJ IDEA GitHub integration plugin token.