Flawed Origin Checks in JetBrains IntelliJ IDEA's Internal Web Server
CVE-2022-29818

3.9LOW

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 28 April 2022

Summary

A security vulnerability exists in JetBrains IntelliJ IDEA impacting versions prior to 2022.1, where the internal web server's origin checks are not implemented correctly. This flaw can potentially allow unauthorized access to internal web server resources, exposing sensitive information and impacting the security posture of applications developed using this IDE. Users are strongly advised to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

IntelliJ IDEA 2022.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 28, 2022
Vulnerability Reserved
Apr 27, 2022