CVE-2024-5899 LOW

CVE-2024-5899: Improper trust check in Bazel Build IntelliJ plugin

Vendor Bazelbuild
Product intellij plugin
Weakness CWE-862 · Missing authorization
Published June 18, 2024
Last update September 11, 2025

CVSS base score

1.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

When the Bazel plugin for IntelliJ imports a project (either using "import project" or "Auto import"), the dialog for trusting the project is not displayed. This is because both paths call the method ProjectBuilder.createProject, which then calls ProjectManager.getInstance().createProject. This method, as its name suggests, is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins.

Key dates

02 Disclosure timeline

June 18, 2024 CVE published
September 11, 2025 Record updated
