Lucene search

[email protected]CVE-2022-46827

HistoryDec 08, 2022 - 6:15 p.m.

CVE-2022-46827

2022-12-0818:15:10

CWE-611

[email protected]

web.nvd.nist.gov

jetbrains

intellij idea

cve-2022-46827

xxe

ssrf

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

Affected configurations

NVD

Node

jetbrainsintellij_ideaRange<2022.3

CPENameOperatorVersion
jetbrains:intellij_ideajetbrains intellij idealt2022.3

CPE	Name	Operator	Version
jetbrains:intellij_idea	jetbrains intellij idea	lt	2022.3

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "IntelliJ IDEA",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2022.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.jetbrains.com/privacy-security/issues-fixed/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-46827

nvd1 cvelist1 prion1