Remote Development Vulnerability in JetBrains IDEs
CVE-2021-45977
9.8 CRITICAL
Summary
JetBrains IDEs, including IntelliJ IDEA, PyCharm, PhpStorm, RubyMine, and others, could bind to the 0.0.0.0 IP address when configured as Remote Development backends. Because 0.0.0.0 means the backend listens on every network interface rather than only on loopback, this improper binding could expose the IDE to unauthorized access. Users should update to fixed versions to ensure proper isolation of the development environment.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved