Vulnerability DatabaseCVE-2020-11694

CVE-2020-11694:
JetBrains PyCharm vulnerability analysis and mitigation

Overview

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included in the software distribution. This vulnerability was identified and tracked as CVE-2020-11694. The issue was discovered by Ruby Nealon and was fixed in PyCharm versions 2019.2.6 and 2019.3.3 (JetBrains Blog).

Technical details

The vulnerability involved the unintended inclusion of Apple Notarization Service credentials in PyCharm distributions for Windows platforms. This represented a significant security risk as it exposed sensitive authentication credentials. The issue was rated as High severity according to JetBrains' security assessment (JetBrains Blog).

Impact

The exposure of Apple Notarization Service credentials could potentially allow unauthorized access to JetBrains' Apple developer resources and services. This could potentially be exploited for malicious purposes, including the ability to notarize unauthorized software using JetBrains' credentials (CVE Mitre).

Mitigation and workarounds

JetBrains addressed this vulnerability by releasing patched versions: PyCharm 2019.2.6 and 2019.3.3. Users of affected versions should upgrade to these or later versions to mitigate the security risk. The fix involved removing the exposed credentials from the software distribution (JetBrains Blog).

Additional resources

Source: This report was generated using AI

Related JetBrains PyCharm vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2021-45977	CRITICAL	9.8	NixOS	cpe:2.3:a:jetbrains:pycharm	No	Yes	Feb 25, 2022
CVE-2021-30005	HIGH	7.8	JetBrains PyCharm	dev-util/pycharm-community	No	Yes	May 11, 2021
CVE-2022-29821	HIGH	7.7	JetBrains PyCharm	cpe:2.3:a:jetbrains:pycharm	No	Yes	Apr 28, 2022
CVE-2024-37051	HIGH	7.5	NixOS	mps	No	Yes	Jun 10, 2024
CVE-2022-29820	LOW	3.5	JetBrains PyCharm	pycharm	No	Yes	Apr 28, 2022

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2020-11694: JetBrains PyCharm vulnerability analysis and mitigation