Vulnerabilities > Jetbrains > Intellij Idea > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-16 | CVE-2024-46970 | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | 6.1 |
| 2024-02-06 | CVE-2024-24940 | Path Traversal vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | 4.3 |
| 2024-02-06 | CVE-2024-24941 | Improper Input Validation vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL | 5.3 |
| 2022-12-08 | CVE-2022-46826 | Path Traversal vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | 5.5 |
| 2022-12-08 | CVE-2022-46827 | XXE vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. | 5.5 |
| 2022-04-28 | CVE-2022-29813 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible | 6.7 |
| 2022-04-28 | CVE-2022-29815 | Code Injection vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible | 6.7 |
| 2022-04-28 | CVE-2022-29817 | Cross-site Scripting vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible | 6.1 |
| 2022-04-05 | CVE-2022-28651 | Insufficiently Protected Credentials vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields | 5.5 |
| 2021-02-03 | CVE-2021-25756 | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS. | 5.3 |