In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HJetbrains Dottrace
APPJetbrains< 2024.1.72024.2 – 2024.2.8 (bez)2024.3 – 2024.3.4 (bez)Jetbrains Etw Host Service
APPJetbrains< 16.43Jetbrains Resharper
APPJetbrains< 2024.1.72024.2 – 2024.2.8 (bez)2024.3 – 2024.3.4 (bez)Jetbrains Rider
APPJetbrains< 2024.1.72024.2.0 – 2024.2.8 (bez)2024.3.0 – 2024.3.4 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
Powiązane podatności
CVE-2024-37051CRITICAL9.3PL ✓ten sam produkt
Wyciek tokenu GitHub do stron trzecich w JetBrains IDE
CVE-2025-64456HIGH8.4ten sam produkt
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege ...
CVE-2020-7906HIGH7.5ten sam produkt
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Wind...
CVE-2019-16407HIGH7.3ten sam produkt
JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.
CVE-2019-14960HIGH7.8ten sam produkt
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file.