Vulnerabilities > Jetbrains > Intellij Idea

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-46970 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
network
low complexity
jetbrains CWE-79
6.1
2024-06-10 CVE-2024-37051 Insufficiently Protected Credentials vulnerability in Jetbrains products
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
network
low complexity
jetbrains CWE-522
7.5
2024-02-06 CVE-2024-24940 Path Traversal vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
network
low complexity
jetbrains CWE-22
4.3
2024-02-06 CVE-2024-24941 Improper Input Validation vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
network
low complexity
jetbrains CWE-20
5.3
2023-12-21 CVE-2023-51655 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
network
low complexity
jetbrains CWE-345
critical
9.8
2023-07-26 CVE-2023-39261 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
local
low complexity
jetbrains
7.8
2023-07-12 CVE-2023-38069 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
local
low complexity
jetbrains
3.3
2023-03-29 CVE-2022-48430 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.
network
low complexity
jetbrains
7.5
2023-03-29 CVE-2022-48431 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.
local
low complexity
jetbrains CWE-345
7.8
2023-03-29 CVE-2022-48432 Insecure Default Initialization of Resource vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed.
local
low complexity
jetbrains CWE-1188
8.8