Page 30 of 431 results (0.008 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. En JetBrains JetBrains Gateway anterior a 2022.3, un cliente podía conectarse sin un token válido si el host daba su consentimiento. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. En JetBrains IntelliJ IDEA antes de 2022.3 era posible una inyección DYLIB en macOS. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-691: Insufficient Control Flow Management •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible. En JetBrains IntelliJ IDEA antes de 2022.3, era posible un ataque XXE que conducía a SSRF a través de solicitudes a repositorios de complementos personalizados. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. En JetBrains IntelliJ IDEA anterior a 2022.3, el servidor web integrado permitía leer un archivo arbitrario explotando una vulnerabilidad de path traversal. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects. En JetBrains IntelliJ IDEA anterior a 2022.3, el servidor web integrado filtró información sobre proyectos abiertos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •