Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Intellij_idea
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 51 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-09-16 | CVE-2024-46970 | In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | Intellij_idea | 6.1 | ||
| 2018-08-03 | CVE-2017-8316 | IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | Intellij_idea | 7.5 | ||
| 2019-07-03 | CVE-2019-9186 | In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | Intellij_idea | 9.8 | ||
| 2019-10-01 | CVE-2019-14954 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | Intellij_idea | 5.9 | ||
| 2020-04-22 | CVE-2020-11690 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | Intellij_idea | N/A | ||
| 2019-10-31 | CVE-2019-18361 | JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | Intellij_idea | N/A | ||
| 2019-07-03 | CVE-2019-9873 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | Intellij_idea | 9.8 | ||
| 2019-07-03 | CVE-2019-9872 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | Intellij_idea | 8.1 | ||
| 2019-07-03 | CVE-2019-9823 | In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | Intellij_idea | 9.8 | ||
| 2019-07-03 | CVE-2019-10104 | In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | Intellij_idea | 9.8 |