Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): IntelliJ IDEA
  • Search Type: Search All
  • CPE Name Search: false
There are 50 matching records.
Displaying matches 1 through 20.
Vuln ID | Summary | CVSS Severity
CVE-2024-24941

In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL

Published: February 06, 2024; 5:15:11 AM -0500
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2024-24940

In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives

Published: February 06, 2024; 5:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-51655

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

Published: December 21, 2023; 5:15:36 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-39261

In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions

Published: July 26, 2023; 9:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-38069

In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases

Published: July 12, 2023; 9:15:09 AM -0400
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-48433

In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.

Published: March 29, 2023; 9:15:08 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-48432

In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.

Published: March 29, 2023; 9:15:08 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-48431

In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.

Published: March 29, 2023; 9:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-48430

In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.

Published: March 29, 2023; 9:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

Published: December 22, 2022; 6:15:09 AM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

Published: December 22, 2022; 6:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-46828

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-46827

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

Published: December 08, 2022; 1:15:10 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Published: December 08, 2022; 1:15:09 PM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-46824

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

Published: December 08, 2022; 1:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking

Published: September 19, 2022; 12:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed

Published: July 28, 2022; 7:15:07 AM -0400
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-37009

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible

Published: July 28, 2022; 7:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

Published: April 28, 2022; 6:15:08 AM -0400
V3.1: 7.7 HIGH
V2.0: 4.4 MEDIUM