Lucene search

JetBrainsCVELIST:CVE-2022-29813

HistoryApr 28, 2022 - 9:55 a.m.

CVE-2022-29813

2022-04-2809:55:20

CWE-94

JetBrains

www.cve.org

jetbrains intellij idea

local code execution

custom pandoc path

2022.1

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CNA Affected

[
  {
    "product": "IntelliJ IDEA",
    "vendor": "JetBrains",
    "versions": [
      {
        "lessThan": "2022.1",
        "status": "affected",
        "version": "2022.1",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jetbrains.com/privacy-security/issues-fixed/

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-29813