Excessive Permission Request in JetBrains IntelliJ IDEA Plugin for Space
CVE-2023-39261

7.8HIGH

Key Information:

Vendor

JetBrains
Status
IntelliJ IDEA
Vendor
CVE Published:
26 July 2023

What is CVE-2023-39261?

The JetBrains IntelliJ IDEA Plugin for Space, prior to version 2023.2, was found to be requesting excessive permissions that could potentially compromise user data and system integrity. This vulnerability highlights the need for careful permission policies in plugin design and implementation.

Affected Version(s)

IntelliJ IDEA 0 < 2023.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.