
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In JetBrains Gateway before 2022.3, a client could connect without a valid token if the host consented. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-287: Improper Authentication

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3, a DYLIB injection on macOS was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-434: Unrestricted Upload of File with Dangerous Type; CWE-691: Insufficient Control Flow Management

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3, an XXE attack leading to SSRF via requests to custom plugin repositories was possible. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3, the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-35: Path Traversal: '.../

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

In JetBrains IntelliJ IDEA before 2022.3, the built-in web server leaked information about open projects. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-326: Inadequate Encryption Strength