Code Template Vulnerability in JetBrains IntelliJ IDEA by JetBrains
CVE-2022-47896

5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 22 December 2022

Summary

In JetBrains IntelliJ IDEA versions before 2022.3.1, code templates were susceptible to server-side template injection (SSTI) attacks. This vulnerability allows attackers to execute arbitrary code through specially crafted inputs, posing significant risks to the integrity and confidentiality of user data. It is crucial for users to upgrade to the latest version to mitigate these risks and enhance overall cybersecurity.

Affected Version(s)

IntelliJ IDEA 0 < 2022.3.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 22, 2022
Vulnerability Reserved
Dec 21, 2022