Local Code Execution Vulnerability in JetBrains Rider by JetBrains
CVE-2022-29821

6.9MEDIUM

Key Information:

Vendor: Jetbrains
Status: Rider
Vendor: CVE Published:; 28 April 2022

Summary

A vulnerability exists in JetBrains Rider prior to version 2022.1, where local code execution can be triggered through links in the ReSharper Quick Documentation. This flaw can potentially allow an attacker to execute arbitrary code on the user's machine if they manipulate the links provided in the documentation. Users are advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Rider 2022.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

x_refsource_MISC

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 28, 2022
Vulnerability Reserved
Apr 27, 2022