Vulnerabilities > Jetbrains > Intellij Idea

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2022-48433 | Insufficiently Protected Credentials vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | network | low complexity | jetbrains | CWE-522 | 7.5 |
| 2022-12-22 | CVE-2022-47895 | Cleartext Transmission of Sensitive Information vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. | network | low complexity | jetbrains | CWE-319 | 7.5 |
| 2022-12-22 | CVE-2022-47896 | Code Injection vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks. | local | low complexity | jetbrains | CWE-94 | 7.8 |
| 2022-12-08 | CVE-2022-46824 | Classic Buffer Overflow vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. | local | low complexity | jetbrains | CWE-120 | 7.8 |
| 2022-12-08 | CVE-2022-46825 | Inadequate Encryption Strength vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. | local | low complexity | jetbrains | CWE-326 | 3.3 |
| 2022-12-08 | CVE-2022-46826 | Path Traversal vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | local | low complexity | jetbrains | CWE-22 | 5.5 |
| 2022-12-08 | CVE-2022-46827 | XXE vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | local | low complexity | jetbrains | CWE-611 | 5.5 |
| 2022-12-08 | CVE-2022-46828 | Unrestricted Upload of File with Dangerous Type vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | local | low complexity | jetbrains | CWE-434 | 7.8 |
| 2022-09-19 | CVE-2022-40978 | Uncontrolled Search Path Element vulnerability in JetBrains IntelliJ IDEA | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking. | local | low complexity | jetbrains | CWE-427 | 7.8 |
| 2022-07-28 | CVE-2022-37009 | Code Injection vulnerability in JetBrains IntelliJ IDEA | In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible. | local | low complexity | jetbrains | CWE-94 | 7.8 |