Source Code Logging Vulnerability in JetBrains PhpStorm
CVE-2022-48435

3.3LOW

Key Information:

Vendor: Jetbrains
Status: PHPstorm
Vendor: CVE Published:; 4 April 2023

What is CVE-2022-48435?

A vulnerability in JetBrains PhpStorm prior to version 2023.1 allows sensitive source code to be inadvertently logged in the local idea.log file. This misconfiguration can lead to unauthorized exposure of proprietary code, posing risks to developers concerning privacy and intellectual property. Users of affected versions should update their software to mitigate potential data breaches.

Affected Version(s)

PhpStorm 0 < 2023.1

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2023
Vulnerability Reserved
Apr 4, 2023

Jetbrains

What is CVE-2022-48435?

Affected Version(s)

References

CVSS V3.1

Timeline