Vulnerabilities > Jetbrains > Intellij Idea > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-24940 Path Traversal vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
network
low complexity
jetbrains CWE-22
4.3
4.3
2024-02-06 CVE-2024-24941 Improper Input Validation vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
network
low complexity
jetbrains CWE-20
5.3
5.3
2022-12-08 CVE-2022-46826 Path Traversal vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
local
low complexity
jetbrains CWE-22
5.5
5.5
2022-12-08 CVE-2022-46827 XXE vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
local
low complexity
jetbrains CWE-611
5.5
5.5
2022-04-28 CVE-2022-29813 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
local
low complexity
jetbrains CWE-94
4.6
4.6
2022-04-28 CVE-2022-29814 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 		4.4
4.4
2022-04-28 CVE-2022-29815 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
local
low complexity
jetbrains CWE-94
4.6
4.6
2022-04-28 CVE-2022-29817 Cross-site Scripting vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
network
jetbrains CWE-79
4.3
4.3
2022-04-28 CVE-2022-29819 Code Injection vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 		4.4
4.4
2022-02-25 CVE-2022-24345 Unspecified vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.
local
low complexity
jetbrains
4.6
4.6