Impact
When IntelliJ imports a project, it typically opens a dialog asking users to explicitly trust the project. The mechanism is described here.
Bazel IntelliJ Plugin also has the ability to import Bazel projects but it does not show the trust project confirmation dialog to the user before opening the project.
Patches
Has the problem been patched? What versions should users upgrade to?
Upgrade your Bazel Plugin version for IntelliJ, CLion and Android Studio to 2024.06.04.0.2 or beyond for the currently supported IDE versions:
- IntelliJ: 2023.3, 2024.1 and 2024.2
- CLion: 2023.3 and 2024.1
- Android Studio: 2023.2 and 2023.3
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Make sure you know the source of any Bazel project you open using the Bazel plugin.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
Open an issue in link
Impact
When IntelliJ imports a project, it typically opens a dialog asking users to explicitly trust the project. The mechanism is described here.
Bazel IntelliJ Plugin also has the ability to import Bazel projects but it does not show the trust project confirmation dialog to the user before opening the project.
Patches
Has the problem been patched? What versions should users upgrade to?
Upgrade your Bazel Plugin version for IntelliJ, CLion and Android Studio to 2024.06.04.0.2 or beyond for the currently supported IDE versions:
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Make sure you know the source of any Bazel project you open using the Bazel plugin.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory:
Open an issue in link