JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection.
5.9CVSS
5.7AI Score
0.002EPSS
JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution.
5.3CVSS
5.8AI Score
0.0004EPSS
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
5.5CVSS
5.5AI Score
0.0004EPSS