CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46970
https://notcve.org/view.php?id=CVE-2024-46970
16 Sep 2024 — In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyección de HTML a través del nombre del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 44EXPL: 2CVE-2024-37051
https://notcve.org/view.php?id=CVE-2024-37051
10 Jun 2024 — GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2... • https://github.com/LeadroyaL/CVE-2024-37051-EXP • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24941
https://notcve.org/view.php?id=CVE-2024-24941
06 Feb 2024 — In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL En JetBrains IntelliJ IDEA anterior a 2023.3.3, un complemento para JetBrains Space podía enviar un token de autenticación a una URL inapropiada • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24940
https://notcve.org/view.php?id=CVE-2024-24940
06 Feb 2024 — In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives En JetBrains IntelliJ IDEA antes de 2023.3.3, era posible un path traversal al descomprimir archivos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51655
https://notcve.org/view.php?id=CVE-2023-51655
21 Dec 2023 — In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration En JetBrains IntelliJ IDEA antes de 2023.3.2, la ejecución de código era posible en modo Untrusted Project a través de un repositorio de complementos maliciosos especificado en la configuración del proyecto. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39261
https://notcve.org/view.php?id=CVE-2023-39261
26 Jul 2023 — In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-250: Execution with Unnecessary Privileges •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38069
https://notcve.org/view.php?id=CVE-2023-38069
12 Jul 2023 — In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain cases • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48433
https://notcve.org/view.php?id=CVE-2022-48433
29 Mar 2023 — In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48432
https://notcve.org/view.php?id=CVE-2022-48432
29 Mar 2023 — In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn't sandboxed. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48431
https://notcve.org/view.php?id=CVE-2022-48431
29 Mar 2023 — In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-345: Insufficient Verification of Data Authenticity •