CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48430
https://notcve.org/view.php?id=CVE-2022-48430
29 Mar 2023 — In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47896
https://notcve.org/view.php?id=CVE-2022-47896
22 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47895
https://notcve.org/view.php?id=CVE-2022-47895
22 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46828
https://notcve.org/view.php?id=CVE-2022-46828
08 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. En JetBrains IntelliJ IDEA antes de 2022.3 era posible una inyección DYLIB en macOS. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-691: Insufficient Control Flow Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46827
https://notcve.org/view.php?id=CVE-2022-46827
08 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. En JetBrains IntelliJ IDEA antes de 2022.3, era posible un ataque XXE que conducía a SSRF a través de solicitudes a repositorios de complementos personalizados. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46826
https://notcve.org/view.php?id=CVE-2022-46826
08 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. En JetBrains IntelliJ IDEA anterior a 2022.3, el servidor web integrado permitía leer un archivo arbitrario explotando una vulnerabilidad de path traversal. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46825
https://notcve.org/view.php?id=CVE-2022-46825
08 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. En JetBrains IntelliJ IDEA anterior a 2022.3, el servidor web integrado filtró información sobre proyectos abiertos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46824
https://notcve.org/view.php?id=CVE-2022-46824
08 Dec 2022 — In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. En JetBrains IntelliJ IDEA antes de 2022.2.4, era posible que se produjera un desbordamiento del búfer en el daemon fsnotifier en macOS. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40978
https://notcve.org/view.php?id=CVE-2022-40978
19 Sep 2022 — The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking El instalador de JetBrains IntelliJ IDEA versiones anteriores a 2022.2.2, era vulnerable a un secuestro del orden de búsqueda del EXE • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-427: Uncontrolled Search Path Element •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37010
https://notcve.org/view.php?id=CVE-2022-37010
28 Jul 2022 — In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed En JetBrains IntelliJ IDEA versiones anteriores a 2022.2, la comprobación de la dirección de correo electrónico en el cuadro de diálogo "Git User Name Is Not Defined" ha sido perdida • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-20: Improper Input Validation •