Vulnerability Description
When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bazel For Android Studio | < 2024.06.04.0.2 | |
| Bazel For Clion | < 2024.06.04.0.2 | |
| Bazel For Intellij | < 2024.06.04.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stableRelease Notes
- https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vgVendor Advisory
- https://github.com/bazelbuild/intellij/releases/tag/v2024.06.04-aswb-stableRelease Notes
- https://github.com/bazelbuild/intellij/security/advisories/GHSA-hh9f-wmhw-46vgVendor Advisory
FAQ
What is CVE-2024-5899?
CVE-2024-5899 is a vulnerability with a CVSS score of 3.3 (LOW). When Bazel Plugin in intellij imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the metho...
How severe is CVE-2024-5899?
CVE-2024-5899 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5899?
Check the references section above for vendor advisories and patch information. Affected products include: Google Bazel For Android Studio, Google Bazel For Clion, Google Bazel For Intellij.