HTML Injection Vulnerability in JetBrains IntelliJ IDEA
CVE-2022-29816
2.8 LOW
Summary
A vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.1 that allows an attacker to inject HTML into IDE messages. This HTML injection flaw can be exploited to craft malicious messages that may lead to unauthorized actions or manipulation within the IDE, posing potential security risks to developers and their projects. Users are strongly advised to update to the latest version to mitigate this risk.
Affected Version(s)
IntelliJ IDEA 2022.1
References
CVSS V3.1
Score: 2.8
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved