Refine your search
37 vulnerabilities found for IntelliJ IDEA by JetBrains
CVE-2025-68269 (GCVE-0-2025-68269)
Vulnerability from cvelistv5
Published
2025-12-16 15:27
Modified
2025-12-16 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:37:12.777065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:37:21.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T15:27:32.582Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-68269",
"datePublished": "2025-12-16T15:27:32.582Z",
"dateReserved": "2025-12-16T13:50:20.860Z",
"dateUpdated": "2025-12-16T21:37:21.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57730 (GCVE-0-2025-57730)
Vulnerability from cvelistv5
Published
2025-08-20 09:13
Modified
2025-08-20 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T15:19:26.560448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:19:37.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:59.164Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57730",
"datePublished": "2025-08-20T09:13:59.164Z",
"dateReserved": "2025-08-18T16:11:20.554Z",
"dateUpdated": "2025-08-20T15:19:37.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57729 (GCVE-0-2025-57729)
Vulnerability from cvelistv5
Published
2025-08-20 09:13
Modified
2026-02-26 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T03:55:12.387474Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:25.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:58.579Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57729",
"datePublished": "2025-08-20T09:13:58.579Z",
"dateReserved": "2025-08-18T16:11:20.244Z",
"dateUpdated": "2026-02-26T17:48:25.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57728 (GCVE-0-2025-57728)
Vulnerability from cvelistv5
Published
2025-08-20 09:13
Modified
2025-08-20 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T15:20:43.242763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:20:52.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:57.934Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57728",
"datePublished": "2025-08-20T09:13:57.934Z",
"dateReserved": "2025-08-18T16:11:19.677Z",
"dateUpdated": "2025-08-20T15:20:52.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57727 (GCVE-0-2025-57727)
Vulnerability from cvelistv5
Published
2025-08-20 09:13
Modified
2025-08-20 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T15:21:05.438692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:21:13.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2025.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T09:13:57.151Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-57727",
"datePublished": "2025-08-20T09:13:57.151Z",
"dateReserved": "2025-08-18T16:11:19.380Z",
"dateUpdated": "2025-08-20T15:21:13.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32054 (GCVE-0-2025-32054)
Vulnerability from cvelistv5
Published
2025-04-03 16:48
Modified
2025-04-03 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T18:02:42.864582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T18:03:21.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3, 2024.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T16:48:35.468Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-32054",
"datePublished": "2025-04-03T16:48:35.468Z",
"dateReserved": "2025-04-03T12:02:12.484Z",
"dateUpdated": "2025-04-03T18:03:21.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46970 (GCVE-0-2024-46970)
Vulnerability from cvelistv5
Published
2024-09-16 10:32
Modified
2024-09-16 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T13:29:39.499239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T13:29:49.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T10:32:48.632Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-46970",
"datePublished": "2024-09-16T10:32:48.632Z",
"dateReserved": "2024-09-16T10:31:12.769Z",
"dateUpdated": "2024-09-16T13:29:49.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37051 (GCVE-0-2024-37051)
Vulnerability from cvelistv5
Published
2024-06-10 15:58
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:aqua:2024.1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqua",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2_eap2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rustrover:2024.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rustrover",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T03:55:09.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aqua",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLion",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataGrip",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataSpell",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GoLand",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MPS",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PhpStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PyCharm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RubyMine",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RustRover",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T16:06:01.631Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-37051",
"datePublished": "2024-06-10T15:58:06.021Z",
"dateReserved": "2024-05-31T14:05:53.462Z",
"dateUpdated": "2025-02-13T17:52:58.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24941 (GCVE-0-2024-24941)
Vulnerability from cvelistv5
Published
2024-02-06 09:21
Modified
2024-08-01 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:30:56.649442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:31.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:30.981Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24941",
"datePublished": "2024-02-06T09:21:30.981Z",
"dateReserved": "2024-02-01T15:54:47.877Z",
"dateUpdated": "2024-08-01T23:36:20.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24940 (GCVE-0-2024-24940)
Vulnerability from cvelistv5
Published
2024-02-06 09:21
Modified
2025-05-15 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:05:56.957514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:44:43.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:30.488Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24940",
"datePublished": "2024-02-06T09:21:30.488Z",
"dateReserved": "2024-02-01T15:54:47.324Z",
"dateUpdated": "2025-05-15T19:44:43.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51655 (GCVE-0-2023-51655)
Vulnerability from cvelistv5
Published
2023-12-21 09:57
Modified
2024-08-02 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T09:57:04.395Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-51655",
"datePublished": "2023-12-21T09:57:04.395Z",
"dateReserved": "2023-12-21T09:56:59.233Z",
"dateUpdated": "2024-08-02T22:40:34.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39261 (GCVE-0-2023-39261)
Vulnerability from cvelistv5
Published
2023-07-26 12:14
Modified
2024-10-23 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:40:01.511617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:40:10.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T12:14:12.180Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-39261",
"datePublished": "2023-07-26T12:14:12.180Z",
"dateReserved": "2023-07-26T12:10:34.971Z",
"dateUpdated": "2024-10-23T15:40:10.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38069 (GCVE-0-2023-38069)
Vulnerability from cvelistv5
Published
2023-07-12 12:48
Modified
2024-10-22 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T17:41:22.302954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T17:59:39.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T12:48:23.129Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-38069",
"datePublished": "2023-07-12T12:48:23.129Z",
"dateReserved": "2023-07-12T12:43:58.453Z",
"dateUpdated": "2024-10-22T17:59:39.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48433 (GCVE-0-2022-48433)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:01.455220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:14.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:22.996Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48433",
"datePublished": "2023-03-29T12:07:22.996Z",
"dateReserved": "2023-03-29T12:04:28.276Z",
"dateUpdated": "2025-02-12T16:22:14.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48432 (GCVE-0-2022-48432)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:29.201194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:37.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn\u0027t sandboxed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:20.510Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48432",
"datePublished": "2023-03-29T12:07:20.510Z",
"dateReserved": "2023-03-29T12:04:28.040Z",
"dateUpdated": "2025-02-12T16:22:37.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48431 (GCVE-0-2022-48431)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:53.151985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:58.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the \u201cTrust Project\u201d confirmation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:17.183Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48431",
"datePublished": "2023-03-29T12:07:17.183Z",
"dateReserved": "2023-03-29T12:04:27.587Z",
"dateUpdated": "2025-02-12T16:22:58.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48430 (GCVE-0-2022-48430)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:23:14.301005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:23:21.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:13.119Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48430",
"datePublished": "2023-03-29T12:07:13.119Z",
"dateReserved": "2023-03-29T12:04:27.183Z",
"dateUpdated": "2025-02-12T16:23:21.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47896 (GCVE-0-2022-47896)
Vulnerability from cvelistv5
Published
2022-12-22 10:25
Modified
2025-04-15 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:41:51.131228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:42:02.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T10:25:44.810Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-47896",
"datePublished": "2022-12-22T10:25:44.810Z",
"dateReserved": "2022-12-21T15:39:59.148Z",
"dateUpdated": "2025-04-15T13:42:02.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47895 (GCVE-0-2022-47895)
Vulnerability from cvelistv5
Published
2022-12-22 10:25
Modified
2025-04-15 14:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T14:31:37.170819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:57.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3.1 the \"Validate JSP File\" action used the HTTP protocol to download required JAR files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T10:25:41.948Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-47895",
"datePublished": "2022-12-22T10:25:41.948Z",
"dateReserved": "2022-12-21T15:39:58.760Z",
"dateUpdated": "2025-04-15T14:31:57.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46828 (GCVE-0-2022-46828)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-22 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:39.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:33:40.852305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:33:56.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:59.846Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46828",
"datePublished": "2022-12-08T17:37:59.846Z",
"dateReserved": "2022-12-08T16:48:48.637Z",
"dateUpdated": "2025-04-22T18:33:56.630Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46827 (GCVE-0-2022-46827)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-22 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:07:30.961325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:07:59.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:58.458Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46827",
"datePublished": "2022-12-08T17:37:58.458Z",
"dateReserved": "2022-12-08T16:48:48.370Z",
"dateUpdated": "2025-04-22T18:07:59.925Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46826 (GCVE-0-2022-46826)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:22:54.896320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:02.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:56.568Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46826",
"datePublished": "2022-12-08T17:37:56.568Z",
"dateReserved": "2022-12-08T16:48:48.100Z",
"dateUpdated": "2025-04-23T14:23:02.640Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46825 (GCVE-0-2022-46825)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:39.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:23:22.390057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:30.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:54.716Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46825",
"datePublished": "2022-12-08T17:37:54.716Z",
"dateReserved": "2022-12-08T16:48:47.706Z",
"dateUpdated": "2025-04-23T14:23:30.467Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46824 (GCVE-0-2022-46824)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:23:40.856669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:49.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:52.175Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46824",
"datePublished": "2022-12-08T17:37:52.175Z",
"dateReserved": "2022-12-08T16:48:47.310Z",
"dateUpdated": "2025-04-23T14:23:49.885Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40978 (GCVE-0-2022-40978)
Vulnerability from cvelistv5
Published
2022-09-19 16:05
Modified
2024-08-03 12:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2.2 < 2022.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2.2",
"status": "affected",
"version": "2022.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dmitry Zemlyakov"
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T16:05:08.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-295424"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-40978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "2022.2.2",
"version_value": "2022.2.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dmitry Zemlyakov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-295424"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-40978",
"datePublished": "2022-09-19T16:05:08.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:28:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37010 (GCVE-0-2022-37010)
Vulnerability from cvelistv5
Published
2022-07-28 10:25
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2 < 2022.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2",
"status": "affected",
"version": "2022.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2 email address validation in the \"Git User Name Is Not Defined\" dialog was missed"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T10:25:16.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-291960"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-37010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.2",
"version_value": "2022.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.2 email address validation in the \"Git User Name Is Not Defined\" dialog was missed"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-291960"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-37010",
"datePublished": "2022-07-28T10:25:16.000Z",
"dateReserved": "2022-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:21:32.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37009 (GCVE-0-2022-37009)
Vulnerability from cvelistv5
Published
2022-07-28 10:25
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2 < 2022.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2",
"status": "affected",
"version": "2022.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T10:25:10.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-288325"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-37009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.2",
"version_value": "2022.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-288325"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-37009",
"datePublished": "2022-07-28T10:25:10.000Z",
"dateReserved": "2022-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:21:32.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29819 (GCVE-0-2022-29819)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:28.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-289398"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-289398"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29819",
"datePublished": "2022-04-28T09:55:28.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29818 (GCVE-0-2022-29818)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:27.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283586"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283586"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29818",
"datePublished": "2022-04-28T09:55:27.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29817 (GCVE-0-2022-29817)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:26.000Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283994"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283994"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29817",
"datePublished": "2022-04-28T09:55:26.000Z",
"dateReserved": "2022-04-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:42.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}