Vulnerabilities > CVE-2022-46827 - XXE vulnerability in Jetbrains Intellij Idea

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

jetbrains

CWE-611

NVD

Published: 2022-12-08

Updated: 2022-12-12

Summary

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Intellij Idea - Jetbrains Intellij Idea 9.0.3 Jetbrains Intellij Idea 9.0.4 Jetbrains Intellij Idea 10.5.2 Jetbrains Intellij Idea 11.0 Jetbrains Intellij Idea 11.0.1 Jetbrains Intellij Idea 11.0.2 Jetbrains Intellij Idea 11.1 Jetbrains Intellij Idea 11.1.1 Jetbrains Intellij Idea 11.1.2 Jetbrains Intellij Idea 11.1.3 Jetbrains Intellij Idea 11.1.4 Jetbrains Intellij Idea 11.1.5 Jetbrains Intellij Idea 12.0 Jetbrains Intellij Idea 12.0.1 Jetbrains Intellij Idea 12.0.2 Jetbrains Intellij Idea 12.0.3 Jetbrains Intellij Idea 12.0.4 Jetbrains Intellij Idea 12.1 Jetbrains Intellij Idea 12.1.1 Jetbrains Intellij Idea 12.1.2 Jetbrains Intellij Idea 12.1.3 Jetbrains Intellij Idea 12.1.4 Jetbrains Intellij Idea 12.1.5 Jetbrains Intellij Idea 12.1.6 Jetbrains Intellij Idea 12.1.7 Jetbrains Intellij Idea 12.1.8 Jetbrains Intellij Idea 13.0 Jetbrains Intellij Idea 13.0.1 Jetbrains Intellij Idea 13.0.2 Jetbrains Intellij Idea 13.0.3 Jetbrains Intellij Idea 13.0.4 Jetbrains Intellij Idea 13.0.5 Jetbrains Intellij Idea 13.1 Jetbrains Intellij Idea 13.1.1 Jetbrains Intellij Idea 13.1.2 Jetbrains Intellij Idea 13.1.3 Jetbrains Intellij Idea 13.1.4 Jetbrains Intellij Idea 13.1.5 Jetbrains Intellij Idea 13.1.6 Jetbrains Intellij Idea 13.1.7 Jetbrains Intellij Idea 14.0 Jetbrains Intellij Idea 14.0.1 Jetbrains Intellij Idea 14.0.2 Jetbrains Intellij Idea 14.0.3 Jetbrains Intellij Idea 14.0.4 Jetbrains Intellij Idea 14.0.5 Jetbrains Intellij Idea 14.1 Jetbrains Intellij Idea 14.1.1 Jetbrains Intellij Idea 14.1.2 Jetbrains Intellij Idea 14.1.3 Jetbrains Intellij Idea 14.1.4 Jetbrains Intellij Idea 14.1.5 Jetbrains Intellij Idea 14.1.6 Jetbrains Intellij Idea 14.1.7 Jetbrains Intellij Idea 15.0 Jetbrains Intellij Idea 15.0.1 Jetbrains Intellij Idea 15.0.2 Jetbrains Intellij Idea 15.0.3 Jetbrains Intellij Idea 15.0.4 Jetbrains Intellij Idea 15.0.5 Jetbrains Intellij Idea 15.0.6 Jetbrains Intellij Idea 2016.1 Jetbrains Intellij Idea 2016.1.1 Jetbrains Intellij Idea 2016.1.2 Jetbrains Intellij Idea 2016.1.3 Jetbrains Intellij Idea 2016.1.4 Jetbrains Intellij Idea 2016.2 Jetbrains Intellij Idea 2016.2.1 Jetbrains Intellij Idea 2016.2.2 Jetbrains Intellij Idea 2016.2.3 Jetbrains Intellij Idea 2016.2.4 Jetbrains Intellij Idea 2016.2.5 Jetbrains Intellij Idea 2016.3 Jetbrains Intellij Idea 2016.3.2 Jetbrains Intellij Idea 2016.3.3 Jetbrains Intellij Idea 2016.3.4 Jetbrains Intellij Idea 2016.3.5 Jetbrains Intellij Idea 2016.3.6 Jetbrains Intellij Idea 2016.3.7 Jetbrains Intellij Idea 2016.3.8 Jetbrains Intellij Idea 2017.1 Jetbrains Intellij Idea 2017.1.1 Jetbrains Intellij Idea 2017.1.2 Jetbrains Intellij Idea 2017.1.3 Jetbrains Intellij Idea 2017.1.4 Jetbrains Intellij Idea 2017.1.5 Jetbrains Intellij Idea 2017.1.6 Jetbrains Intellij Idea 2017.2 Jetbrains Intellij Idea 2017.2.1 Jetbrains Intellij Idea 2017.2.2 Jetbrains Intellij Idea 2017.2.3 Jetbrains Intellij Idea 2017.2.4 Jetbrains Intellij Idea 2017.2.5 Jetbrains Intellij Idea 2017.2.6 Jetbrains Intellij Idea 2017.2.7 Jetbrains Intellij Idea 2017.3 Jetbrains Intellij Idea 2017.3.1 Jetbrains Intellij Idea 2017.3.2 Jetbrains Intellij Idea 2017.3.3 Jetbrains Intellij Idea 2017.3.4 Jetbrains Intellij Idea 2017.3.5 Jetbrains Intellij Idea 2017.3.6 Jetbrains Intellij Idea 2017.3.7 Jetbrains Intellij Idea 2018.1 Jetbrains Intellij Idea 2018.1.1 Jetbrains Intellij Idea 2018.1.2 Jetbrains Intellij Idea 2018.1.3 Jetbrains Intellij Idea 2018.1.4 Jetbrains Intellij Idea 2018.1.5 Jetbrains Intellij Idea 2018.1.6 Jetbrains Intellij Idea 2018.1.7 Jetbrains Intellij Idea 2018.1.8 Jetbrains Intellij Idea 2018.2 Jetbrains Intellij Idea 2018.2.1 Jetbrains Intellij Idea 2018.2.2 Jetbrains Intellij Idea 2018.2.3 Jetbrains Intellij Idea 2018.2.4 Jetbrains Intellij Idea 2018.2.5 Jetbrains Intellij Idea 2018.2.6 Jetbrains Intellij Idea 2018.2.7 Jetbrains Intellij Idea 2018.2.8 Jetbrains Intellij Idea 2018.3 Jetbrains Intellij Idea 2018.3.1 Jetbrains Intellij Idea 2018.3.2 Jetbrains Intellij Idea 2018.3.3 Jetbrains Intellij Idea 2018.3.4 Jetbrains Intellij Idea 2018.3.5 Jetbrains Intellij Idea 2018.3.6 Jetbrains Intellij Idea 2019.1 Jetbrains Intellij Idea 2019.1.1 Jetbrains Intellij Idea 2019.1.2 Jetbrains Intellij Idea 2019.1.3 Jetbrains Intellij Idea 2019.1.4 Jetbrains Intellij Idea 2019.2 Jetbrains Intellij Idea 2019.2.1 Jetbrains Intellij Idea 2019.2.2 Jetbrains Intellij Idea 2019.2.3 Jetbrains Intellij Idea 2019.2.4 Jetbrains Intellij Idea 2019.3 Jetbrains Intellij Idea 2019.3.0 Jetbrains Intellij Idea 2019.3.3 Jetbrains Intellij Idea 2019.3.4 Jetbrains Intellij Idea 2020.1 Jetbrains Intellij Idea 2020.2 Jetbrains Intellij Idea 2020.3 Jetbrains Intellij Idea 2021.3.1 Jetbrains Intellij Idea 2022.1 Jetbrains Intellij Idea 2022.2.2	150

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.jetbrains.com/privacy-security/issues-fixed/