from Hacker News

IntelliJ GitHub Plugin leaking credentials

by jonahss on 6/13/24, 4:34 PM with 22 comments

  • by Merad on 6/13/24, 7:58 PM

    It seems like GitHub is rejecting requests from affected IDE versions. We discovered this yesterday because PR integration was not working even though the GitHub login/token was correct. Issue resolved by upgrading the IDE to the latest version.
  • by albert_e on 6/14/24, 4:54 AM

    Off topic -- how does the JetBrains website display "IntelliJ" text in stylized "iJ" at the end of IntelliJ? Some CSS magic?

    I tried editing the text using the developer tools, and this styling only applies when the text is IntelliJ or any word that starts with this exact string (case sensitive).

  • by orf on 6/13/24, 9:24 PM

    What is the actual vulnerability? The post is super light on details.
  • by stuff4ben on 6/13/24, 7:04 PM

    Good idea to rotate your tokens on a regular basis, but in this case, go ahead and do it now (if you use this tool and plugin)
  • by mattjaynes on 6/13/24, 8:55 PM

    I have a client who was using JetBrains' TeamCity CI product. It was a clown show of vulnerabilities that allowed attackers access to internals.

    Do not use their products. If you must for some reason, be sure you subscribe to critical CVEs of the products you are using, update them immediately, and rotate your credentials. Ideally re-install on a fresh server. Never have the service available via the public web; it will be hacked. Only use their products behind a VPN.

    https://blog.jetbrains.com/teamcity/2024/02/critical-securit... https://blog.jetbrains.com/teamcity/2024/03/additional-criti...

  • by that_guy_iain on 6/13/24, 6:09 PM

    This is the second time today I’ve seen this, but it is dated the 10th. How come it’s taken everyone so long to notice?