Vulnerabilites related to JetBrains - IntelliJ IDEA
CVE-2022-29816 (GCVE-0-2022-29816)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:24",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-287428"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-287428"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29816",
"datePublished": "2022-04-28T09:55:24",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29813 (GCVE-0-2022-29813)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:20",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-288269"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-288269"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29813",
"datePublished": "2022-04-28T09:55:20",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24940 (GCVE-0-2024-24940)
Vulnerability from cvelistv5
Published
2024-02-06 09:21
Modified
2025-05-15 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:05:56.957514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:44:43.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:30.488Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24940",
"datePublished": "2024-02-06T09:21:30.488Z",
"dateReserved": "2024-02-01T15:54:47.324Z",
"dateUpdated": "2025-05-15T19:44:43.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40978 (GCVE-0-2022-40978)
Vulnerability from cvelistv5
Published
2022-09-19 16:05
Modified
2024-08-03 12:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2.2 < 2022.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2.2",
"status": "affected",
"version": "2022.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dmitry Zemlyakov"
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T16:05:08",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-295424"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-40978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "2022.2.2",
"version_value": "2022.2.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dmitry Zemlyakov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-295424"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-40978",
"datePublished": "2022-09-19T16:05:08",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2024-08-03T12:28:42.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29814 (GCVE-0-2022-29814)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:21",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283967"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283967"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29814",
"datePublished": "2022-04-28T09:55:21",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8316 (GCVE-0-2017-8316)
Vulnerability from cvelistv5
Published
2018-08-03 15:00
Modified
2024-09-16 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XEE in XML parser
Summary
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: <173 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://youtrack.jetbrains.com/issue/IDEA-175381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"status": "affected",
"version": "\u003c173"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XEE in XML parser",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T14:57:01",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://youtrack.jetbrains.com/issue/IDEA-175381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_value": "\u003c173"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XEE in XML parser"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b",
"refsource": "CONFIRM",
"url": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b"
},
{
"name": "https://youtrack.jetbrains.com/issue/IDEA-175381",
"refsource": "MISC",
"url": "https://youtrack.jetbrains.com/issue/IDEA-175381"
},
{
"name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2017-8316",
"datePublished": "2018-08-03T15:00:00Z",
"dateReserved": "2017-04-28T00:00:00",
"dateUpdated": "2024-09-16T18:23:33.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38069 (GCVE-0-2023-38069)
Vulnerability from cvelistv5
Published
2023-07-12 12:48
Modified
2024-10-22 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:13.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T17:41:22.302954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T17:59:39.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T12:48:23.129Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-38069",
"datePublished": "2023-07-12T12:48:23.129Z",
"dateReserved": "2023-07-12T12:43:58.453Z",
"dateUpdated": "2024-10-22T17:59:39.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48433 (GCVE-0-2022-48433)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:01.455220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:14.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:22.996Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48433",
"datePublished": "2023-03-29T12:07:22.996Z",
"dateReserved": "2023-03-29T12:04:28.276Z",
"dateUpdated": "2025-02-12T16:22:14.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29817 (GCVE-0-2022-29817)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:26",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283994"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283994"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29817",
"datePublished": "2022-04-28T09:55:26",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46824 (GCVE-0-2022-46824)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:23:40.856669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:49.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:52.175Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46824",
"datePublished": "2022-12-08T17:37:52.175Z",
"dateReserved": "2022-12-08T16:48:47.310Z",
"dateUpdated": "2025-04-23T14:23:49.885Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47895 (GCVE-0-2022-47895)
Vulnerability from cvelistv5
Published
2022-12-22 10:25
Modified
2025-04-15 14:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T14:31:37.170819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:57.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3.1 the \"Validate JSP File\" action used the HTTP protocol to download required JAR files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T10:25:41.948Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-47895",
"datePublished": "2022-12-22T10:25:41.948Z",
"dateReserved": "2022-12-21T15:39:58.760Z",
"dateUpdated": "2025-04-15T14:31:57.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48432 (GCVE-0-2022-48432)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:29.201194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:37.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn\u0027t sandboxed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:20.510Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48432",
"datePublished": "2023-03-29T12:07:20.510Z",
"dateReserved": "2023-03-29T12:04:28.040Z",
"dateUpdated": "2025-02-12T16:22:37.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37009 (GCVE-0-2022-37009)
Vulnerability from cvelistv5
Published
2022-07-28 10:25
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2 < 2022.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2",
"status": "affected",
"version": "2022.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T10:25:10",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-288325"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-37009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.2",
"version_value": "2022.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-288325"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-37009",
"datePublished": "2022-07-28T10:25:10",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46827 (GCVE-0-2022-46827)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-22 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:07:30.961325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:07:59.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:58.458Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46827",
"datePublished": "2022-12-08T17:37:58.458Z",
"dateReserved": "2022-12-08T16:48:48.370Z",
"dateUpdated": "2025-04-22T18:07:59.925Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28651 (GCVE-0-2022-28651)
Vulnerability from cvelistv5
Published
2022-04-05 17:55
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2021.3.3 < 2021.3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2021.3.3",
"status": "affected",
"version": "2021.3.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T17:55:21",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"advisory": "JetBrains",
"defect": [
"JetBrains"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-28651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2021.3.3",
"version_value": "2021.3.3"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"advisory": "JetBrains",
"defect": [
"JetBrains"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-28651",
"datePublished": "2022-04-05T17:55:21",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-03T05:56:16.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47896 (GCVE-0-2022-47896)
Vulnerability from cvelistv5
Published
2022-12-22 10:25
Modified
2025-04-15 13:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:41:51.131228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:42:02.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T10:25:44.810Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-47896",
"datePublished": "2022-12-22T10:25:44.810Z",
"dateReserved": "2022-12-21T15:39:59.148Z",
"dateUpdated": "2025-04-15T13:42:02.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48430 (GCVE-0-2022-48430)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:23:14.301005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:23:21.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:13.119Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48430",
"datePublished": "2023-03-29T12:07:13.119Z",
"dateReserved": "2023-03-29T12:04:27.183Z",
"dateUpdated": "2025-02-12T16:23:21.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29818 (GCVE-0-2022-29818)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-346 - Origin Validation Error
Summary
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:27",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283586"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283586"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29818",
"datePublished": "2022-04-28T09:55:27",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48431 (GCVE-0-2022-48431)
Vulnerability from cvelistv5
Published
2023-03-29 12:07
Modified
2025-02-12 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:22:53.151985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:22:58.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the \u201cTrust Project\u201d confirmation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T12:07:17.183Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-48431",
"datePublished": "2023-03-29T12:07:17.183Z",
"dateReserved": "2023-03-29T12:04:27.587Z",
"dateUpdated": "2025-02-12T16:22:58.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29812 (GCVE-0-2022-29812)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-176 - Improper Handling of Unicode Encoding
Summary
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176: Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:18",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-284151"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-176: Improper Handling of Unicode Encoding"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-284151"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29812",
"datePublished": "2022-04-28T09:55:19",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32054 (GCVE-0-2025-32054)
Vulnerability from cvelistv5
Published
2025-04-03 16:48
Modified
2025-04-03 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T18:02:42.864582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T18:03:21.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.3, 2024.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T16:48:35.468Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2025-32054",
"datePublished": "2025-04-03T16:48:35.468Z",
"dateReserved": "2025-04-03T12:02:12.484Z",
"dateUpdated": "2025-04-03T18:03:21.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29815 (GCVE-0-2022-29815)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:23",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-283824",
"IDEA-283968"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-283824",
"IDEA-283968"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29815",
"datePublished": "2022-04-28T09:55:23",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46970 (GCVE-0-2024-46970)
Vulnerability from cvelistv5
Published
2024-09-16 10:32
Modified
2024-09-16 13:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T13:29:39.499239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T13:29:49.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T10:32:48.632Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-46970",
"datePublished": "2024-09-16T10:32:48.632Z",
"dateReserved": "2024-09-16T10:31:12.769Z",
"dateUpdated": "2024-09-16T13:29:49.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37010 (GCVE-0-2022-37010)
Vulnerability from cvelistv5
Published
2022-07-28 10:25
Modified
2024-08-03 10:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.2 < 2022.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.2",
"status": "affected",
"version": "2022.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.2 email address validation in the \"Git User Name Is Not Defined\" dialog was missed"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T10:25:16",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-291960"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-37010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.2",
"version_value": "2022.2"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.2 email address validation in the \"Git User Name Is Not Defined\" dialog was missed"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-291960"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-37010",
"datePublished": "2022-07-28T10:25:16",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51655 (GCVE-0-2023-51655)
Vulnerability from cvelistv5
Published
2023-12-21 09:57
Modified
2024-08-02 22:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:34.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T09:57:04.395Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-51655",
"datePublished": "2023-12-21T09:57:04.395Z",
"dateReserved": "2023-12-21T09:56:59.233Z",
"dateUpdated": "2024-08-02T22:40:34.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24941 (GCVE-0-2024-24941)
Vulnerability from cvelistv5
Published
2024-02-06 09:21
Modified
2024-08-01 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T15:30:56.649442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:31.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:20.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:21:30.981Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-24941",
"datePublished": "2024-02-06T09:21:30.981Z",
"dateReserved": "2024-02-01T15:54:47.877Z",
"dateUpdated": "2024-08-01T23:36:20.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29819 (GCVE-0-2022-29819)
Vulnerability from cvelistv5
Published
2022-04-28 09:55
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 2022.1 < 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.1",
"status": "affected",
"version": "2022.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T09:55:28",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"source": {
"defect": [
"IDEA-289398"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@jetbrains.com",
"ID": "CVE-2022-29819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1",
"version_value": "2022.1"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"source": {
"defect": [
"IDEA-289398"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-29819",
"datePublished": "2022-04-28T09:55:28",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37051 (GCVE-0-2024-37051)
Vulnerability from cvelistv5
Published
2024-06-10 15:58
Modified
2025-02-13 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | JetBrains | IntelliJ IDEA |
Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ Version: 2023.1 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:intellij_idea:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intellij_idea",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:aqua:2024.1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqua",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2_eap2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:datagrip:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "datagrip",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:dataspell:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dataspell",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:goland:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "goland",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:mps:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mps",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:phpstorm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phpstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:pycharm:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pycharm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rider:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rider",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:clion:2023.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clion",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rubymine:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rubymine",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:rustrover:2024.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rustrover",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:jetbrains:webstorm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webstorm",
"vendor": "jetbrains",
"versions": [
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37051",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T03:55:09.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aqua",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLion",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataGrip",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DataSpell",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GoLand",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MPS",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.2.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.1",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PhpStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PyCharm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP2",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Rider",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.5",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RubyMine",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.3",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.2 EAP4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RustRover",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2024.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebStorm",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.1.6",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.2.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2023.3.7",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
},
{
"lessThan": "2024.1.4",
"status": "affected",
"version": "2023.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T16:06:01.631Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240705-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2024-37051",
"datePublished": "2024-06-10T15:58:06.021Z",
"dateReserved": "2024-05-31T14:05:53.462Z",
"dateUpdated": "2025-02-13T17:52:58.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46828 (GCVE-0-2022-46828)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-22 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:39.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:33:40.852305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:33:56.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"macOS"
],
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-691",
"description": "CWE-691",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:59.846Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46828",
"datePublished": "2022-12-08T17:37:59.846Z",
"dateReserved": "2022-12-08T16:48:48.637Z",
"dateUpdated": "2025-04-22T18:33:56.630Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39261 (GCVE-0-2023-39261)
Vulnerability from cvelistv5
Published
2023-07-26 12:14
Modified
2024-10-23 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T15:40:01.511617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T15:40:10.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T12:14:12.180Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2023-39261",
"datePublished": "2023-07-26T12:14:12.180Z",
"dateReserved": "2023-07-26T12:10:34.971Z",
"dateUpdated": "2024-10-23T15:40:10.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46825 (GCVE-0-2022-46825)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:39.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:23:22.390057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:30.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:54.716Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46825",
"datePublished": "2022-12-08T17:37:54.716Z",
"dateReserved": "2022-12-08T16:48:47.706Z",
"dateUpdated": "2025-04-23T14:23:30.467Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46826 (GCVE-0-2022-46826)
Vulnerability from cvelistv5
Published
2022-12-08 17:37
Modified
2025-04-23 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JetBrains | IntelliJ IDEA |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:22:54.896320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:23:02.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IntelliJ IDEA",
"vendor": "JetBrains",
"versions": [
{
"lessThan": "2022.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T17:37:56.568Z",
"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"shortName": "JetBrains"
},
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014",
"assignerShortName": "JetBrains",
"cveId": "CVE-2022-46826",
"datePublished": "2022-12-08T17:37:56.568Z",
"dateReserved": "2022-12-08T16:48:48.100Z",
"dateUpdated": "2025-04-23T14:23:02.640Z",
"requesterUserId": "c4d2a3a2-8606-4ae0-b01e-0190731f333d",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}