CVE-2022-46825 : In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked informat

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leaked information about open projects.

Published 2022-12-08 18:15:10

Updated 2022-12-12 16:56:40

Source JetBrains s.r.o.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2022-46825

Jetbrains » Intellij Idea
Versions before (<) 2022.3
cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	2.5	1.4	JetBrains s.r.o.
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security@jetbrains.com (Secondary)
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Assigned by: nvd@nist.gov (Primary)

Jump to