In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Jetbrains
  • Intellij Idea

Configuration 1 [-]

cpe:2.3:a:jetbrains:intellij_idea:*:*:*:*:*:*:*:*
References
Link Resource
https://www.jetbrains.com/privacy-security/issues-fixed/ Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: JetBrains

Published: 2022-12-08T17:37:56.568Z

Updated:

Reserved: 2022-12-08T16:48:48.100Z

Link: CVE-2022-46826

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-12-08T18:15:10.053

Modified: 2022-12-12T16:55:31.877

Link: CVE-2022-46826

JSON object: View

cve-icon Redhat Information

No data.

CWE