Note: This project will be discontinued after December 13, 2021.
Product: Intellij_idea (Jetbrains)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 51 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-06-10 | CVE-2024-37051 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6,... | Aqua, Clion, Datagrip, Dataspell, Goland, Intellij_idea, Mps, Phpstorm, Pycharm, Rider, Rubymine, Rustrover, Webstorm | 7.5 | ||
2024-09-16 | CVE-2024-46970 | In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible | Intellij_idea | 6.1 | ||
2018-08-03 | CVE-2017-8316 | IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. | Intellij_idea | 7.5 | ||
2019-07-03 | CVE-2019-9186 | In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. | Intellij_idea | 9.8 | ||
2019-10-01 | CVE-2019-14954 | JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plantuml artifact download link via a cleartext http connection. | Intellij_idea | 5.9 | ||
2020-04-22 | CVE-2020-11690 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | Intellij_idea | N/A | ||
2019-10-31 | CVE-2019-18361 | JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | Intellij_idea | N/A | ||
2019-07-03 | CVE-2019-9873 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | Intellij_idea | 9.8 | ||
2019-07-03 | CVE-2019-9872 | In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8. | Intellij_idea | 8.1 | ||
2019-07-03 | CVE-2019-9823 | In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8. | Intellij_idea | 9.8 | ||