In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces (instead of listening on only the localhost interface). This issue has been fixed in the following versions: 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJetbrains Intellij Idea
APPJetbrains2018.1 – 2018.1.8 (bez)2018.2 – 2018.2.8 (bez)2018.3 – 2018.3.5 (bez)2018.3.6 – 2019.1 (bez)
Powiązane podatności
Wyciek tokenu GitHub do stron trzecich w JetBrains IDE
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand ...
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some ca...
In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task Servers configurations leads to saving ...
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers ...