Vulnerabilities for 'Intellij idea'

2021-02-03
 
CVE-2021-25758

CWE-502
 

 
In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deserialization of the workspace model could lead to code execution.

 
 
CVE-2021-25756

NVD-CWE-noinfo
 

 
In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for several remote repositories instead of HTTPS.

 
2020-11-16
 
CVE-2020-27622

NVD-CWE-noinfo
 

 
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.

 
2020-04-22
 
CVE-2020-11690

NVD-CWE-Other
 

 
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

 
2020-01-31
 
CVE-2020-7914

CWE-200
 

 
In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3.

 
2020-01-30
 
CVE-2020-7905

CWE-200
 

 
Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.

 
 
CVE-2020-7904

CWE-295
 

 
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.

 
2019-10-01
 
CVE-2019-14954

CWE-311
 

 
JetBrains IntelliJ IDEA before 2019.2 was resolving the Markdown PlantUML artifact download link via a cleartext HTTP connection.

 
2019-07-03
 
CVE-2019-9873

CWE-255
 

 
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

 
 
CVE-2019-9872

CWE-255
 

 
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

 


Copyright 2021, cxsecurity.com

 
