Intellij Idea@* Security Vulnerabilities and Issues — Intellij Idea@* CVE List

Lucene search

JetbrainsIntellij Idea*

21 matches found

CVE•added 2022/04/05 6:15 p.m.•643 views

CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

8.4CVSS5.5AI score0.00001EPSS

CVE•added 2022/02/25 3:15 p.m.•474 views

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

7.8CVSS7.7AI score0.00001EPSS

CVE•added 2022/09/19 4:15 p.m.•327 views

CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking

7.8CVSS7.5AI score0.00001EPSS

CVE•added 2022/02/25 3:15 p.m.•263 views

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

7.8CVSS7.7AI score0.00001EPSS

CVE•added 2022/12/08 6:15 p.m.•186 views

CVE-2022-46828

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.

7.8CVSS7.6AI score0.00002EPSS

CVE•added 2022/04/28 10:15 a.m.•71 views

CVE-2022-29817

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

6.1CVSS5.9AI score0.00007EPSS

CVE•added 2022/04/28 10:15 a.m.•63 views

CVE-2022-29814

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

7.7CVSS7.6AI score0.00002EPSS

CVE•added 2022/04/28 10:15 a.m.•63 views

CVE-2022-29818

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

7.1CVSS6.9AI score0.00001EPSS

CVE•added 2022/04/28 10:15 a.m.•59 views

CVE-2022-29819

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

7.7CVSS7.7AI score0.00002EPSS

CVE•added 2022/07/28 11:15 a.m.•58 views

CVE-2022-37009

In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible

7.8CVSS7.7AI score0.00003EPSS

CVE•added 2022/04/28 10:15 a.m.•57 views

CVE-2022-29815

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

6.9CVSS6.7AI score0.00002EPSS

CVE•added 2022/04/28 10:15 a.m.•56 views

CVE-2022-29812

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

2.3CVSS4.1AI score0.00001EPSS

CVE•added 2022/04/28 10:15 a.m.•56 views

CVE-2022-29816

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

3.2CVSS4.5AI score0.00002EPSS

CVE•added 2022/12/22 11:15 a.m.•53 views

CVE-2022-47896

In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks.

7.8CVSS7.6AI score0.00002EPSS

CVE•added 2022/12/08 6:15 p.m.•52 views

CVE-2022-46827

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

5.5CVSS5.5AI score0.00001EPSS

CVE•added 2022/04/28 10:15 a.m.•51 views

CVE-2022-29813

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

6.9CVSS6.7AI score0.00002EPSS

CVE•added 2022/12/08 6:15 p.m.•51 views

CVE-2022-46824

In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.

7.8CVSS7.7AI score0.00001EPSS

CVE•added 2022/12/08 6:15 p.m.•48 views

CVE-2022-46825

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

4CVSS4.1AI score0.00001EPSS

CVE•added 2022/07/28 11:15 a.m.•47 views

CVE-2022-37010

In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed

3.6CVSS4.2AI score0.00001EPSS

CVE•added 2022/12/08 6:15 p.m.•47 views

CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

6.2CVSS5.5AI score0.00001EPSS

CVE•added 2022/12/22 11:15 a.m.•47 views

CVE-2022-47895

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

7.5CVSS7.5AI score0.00002EPSS