Vulnerabilities > Jetbrains > Intellij Idea

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-46970 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
network
low complexity
jetbrains CWE-79
6.1
2024-06-10 CVE-2024-37051 Insufficiently Protected Credentials vulnerability in Jetbrains products
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2024.2 EAP3; PyCharm 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.3, 2024.2 EAP2; Rider 2023.1.7, 2023.2.5, 2023.3.6, 2024.1.3; RubyMine 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP4; RustRover 2024.1.1; WebStorm 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.4
network
low complexity
jetbrains CWE-522
7.5
2024-02-06 CVE-2024-24940 Path Traversal vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
network
low complexity
jetbrains CWE-22
4.3
2024-02-06 CVE-2024-24941 Improper Input Validation vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
network
low complexity
jetbrains CWE-20
5.3
2023-12-21 CVE-2023-51655 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
network
low complexity
jetbrains CWE-345
critical
9.8
2023-07-26 CVE-2023-39261 Execution with Unnecessary Privileges vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions
local
low complexity
jetbrains CWE-250
7.8
2023-07-12 CVE-2023-38069 Improper Check for Unusual or Exceptional Conditions vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases
local
low complexity
jetbrains CWE-754
3.3
2022-12-08 CVE-2022-46824 Classic Buffer Overflow vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible.
local
low complexity
jetbrains CWE-120
7.8
2022-12-08 CVE-2022-46825 Inadequate Encryption Strength vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.
local
low complexity
jetbrains CWE-326
3.3
2022-12-08 CVE-2022-46826 Path Traversal vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
local
low complexity
jetbrains CWE-22
5.5