Vulnerabilities > Jetbrains > Intellij Idea
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-46970 | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | 6.1 |
| 2024-06-10 | CVE-2024-37051 | Insufficiently Protected Credentials vulnerability in Jetbrains products GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4 | 7.5 |
| 2024-02-06 | CVE-2024-24940 | Path Traversal vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | 4.3 |
| 2024-02-06 | CVE-2024-24941 | Improper Input Validation vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | 5.3 |
| 2023-12-21 | CVE-2023-51655 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration | 9.8 |
| 2023-07-26 | CVE-2023-39261 | Execution with Unnecessary Privileges vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | 7.8 |
| 2023-07-12 | CVE-2023-38069 | Improper Check for Unusual or Exceptional Conditions vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases | 3.3 |
| 2023-03-29 | CVE-2022-48430 | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. | 7.5 |
| 2023-03-29 | CVE-2022-48431 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. | 7.8 |
| 2023-03-29 | CVE-2022-48432 | Insecure Default Initialization of Resource vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. | 8.8 |