JetBrains security advisory: Updates for security issue affecting IntelliJ-based IDEs 2023.1+ and JetBrains GitHub Plugin
A new security issue was discovered that affects the JetBrains GitHub plugin on the IntelliJ Platform, which could lead to disclosure of access tokens to third-party sites. CVE-2024-37051 (CVSSv3: 9.3 CRITICAL) GitHub access token could be exposed to third-party sites in JetBrains IDEs. No mention of exploitation.
h/t: @serghei See related Bleeping Computer reporting: JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
Happy Patch Tuesday from Adobe:
No mention of exploitation.
#PatchTuesday #Adobe #CVE #vulnerability #Acrobat #Photoshop #ColdFusion
You’d really think that the top seven blocked domains on @KagiHQ being @Pinterest indicate that a functional Google would have deboosted them years ago.
(I’m loving Kagi)
School's out, and so are the latest patches from #Microsoft. We're still waiting on the updates from #Adobe. Check out the analysis from @TheDustinChilds as he breaks down the small release from Redmond. https://www.zerodayinitiative.com/blog/2024/6/11/the-june-2024-security-update-review
#Microsoft patches are out. Another small release. Still waiting on #Adobe :-[ Let them patches out! I'll have my full analysis out soon. #PatchTuesday
[ZDI-24-598] (0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability (CVSS 7.7; Credit: Uncodable)
https://www.zerodayinitiative.com/advisories/ZDI-24-598/
Friendly reminder to submit to GreHack conference: https://grehack.fr/2024/cfp
What's different about GreHack?
- It's a simple one-track conference, but with large audience (usually sold out)
- There's usually a mixture between academic and non-academic presentations. This is enlightening.
On the non-technical side: people are very welcoming, the food is nice (especially for vegetarians), you'll see the snowy Alps, there's an excellent CTF.
https://ioc.exchange/@matthew_d_green/112597849837858606
matts thread here is an important one
I’ve said before and saying again. This is a common problem in vendors - the lack of understandings of the importance/value of new attack vector discovery research.
it has been nearly three months since the last valid #hackerone report against #curl
Just saying.
I bet you can't find anything to report.
🤠
Did anyone realize that #MicrosoftEdge already had a #recall feature? 👀