XXE Attack Vulnerability in JetBrains IntelliJ IDEA
CVE-2022-46827
3.9 LOW
Summary
JetBrains IntelliJ IDEA prior to version 2022.3 is susceptible to an XML External Entity (XXE) attack, which can lead to Server-Side Request Forgery (SSRF) when maliciously crafted requests are made to custom plugin repositories. This vulnerability could allow attackers to manipulate the application's handling of external entities, potentially leading to unauthorized access and data exposure.
Affected Version(s)
IntelliJ IDEA 0 < 2022.3
References
CVSS V3.1
Score: 3.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved