Excessive Permission Request in JetBrains IntelliJ IDEA Plugin for Space
CVE-2023-39261

7.8HIGH

Key Information:

Vendor: JetBrains
Status: IntelliJ IDEA
Vendor: CVE Published:; 26 July 2023

Summary

The JetBrains IntelliJ IDEA Plugin for Space, prior to version 2023.2, was found to be requesting excessive permissions that could potentially compromise user data and system integrity. This vulnerability highlights the need for careful permission policies in plugin design and implementation.

Affected Version(s)

IntelliJ IDEA 0 < 2023.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2023
Vulnerability Reserved
Jul 26, 2023