Path Traversal Vulnerability in JetBrains IntelliJ IDEA Web Server
CVE-2022-46826

6.2MEDIUM

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 8 December 2022

Summary

A path traversal vulnerability exists in JetBrains IntelliJ IDEA prior to version 2022.3, enabling attackers to delve into the file system and access arbitrary files through the built-in web server. By exploiting this flaw, unauthorized users could potentially read sensitive files, compromising the security and confidentiality of the development environment.

Affected Version(s)

IntelliJ IDEA 0 < 2022.3

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 8, 2022
Vulnerability Reserved
Dec 8, 2022