CVE-2024-5899

EPSS 0.05%
Published 18.06.2024 09:15:09
Last modified 26.09.2025 16:47:12
Source cve-coordination@google.com
Teams watchlist Login
Open Login

When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. 
We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Bazel For Android Studio Version < 2024.06.04.0.2

Google ≫ Bazel For Clion Version < 2024.06.04.0.2

Google ≫ Bazel For Intellij Version < 2024.06.04.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.159

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cve-coordination@google.com	1	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stable

Release Notes

https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vg

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5899

EUVD