File Content Disclosure Vulnerability in JetBrains IntelliJ IDEA
CVE-2022-48430

5.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Intellij Idea
Vendor: CVE Published:; 29 March 2023

Summary

A vulnerability in JetBrains IntelliJ IDEA prior to version 2023.1 allows for unauthorized disclosure of file content through manipulated external stylesheet paths during the Markdown preview feature. This could potentially expose sensitive information to unauthorized users, necessitating immediate attention for users of affected versions to mitigate risks.

Affected Version(s)

IntelliJ IDEA 0 < 2023.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 29, 2023
Vulnerability Reserved
Mar 29, 2023