CVE-2022-48430
https://notcve.org/view.php?id=CVE-2022-48430
In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-47896
https://notcve.org/view.php?id=CVE-2022-47896
In JetBrains IntelliJ IDEA before 2022.3.1 code templates were vulnerable to SSTI attacks. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CVE-2022-47895
https://notcve.org/view.php?id=CVE-2022-47895
In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2022-46828
https://notcve.org/view.php?id=CVE-2022-46828
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-434: Unrestricted Upload of File with Dangerous Type • CWE-691: Insufficient Control Flow Management
CVE-2022-46827
https://notcve.org/view.php?id=CVE-2022-46827
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference