In several JetBrains IntelliJ IDEA Ultimate versions, an Application Server run configuration (for Tomcat, Jetty, Resin, or CloudBees) with the default setting allowed a remote attacker to execute code when the configuration is running, because a JMX server listened on all interfaces instead of localhost only. The issue has been fixed in the following versions: 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJetbrains Intellij Idea
APPJetbrains2018.1 – 2018.1.8 (bez)2018.2 – 2018.2.8 (bez)2018.3 – 2018.3.4 (bez)2018.3.5 – 2018.3.7 (bez)
Related vulnerabilities
Wyciek tokenu GitHub do stron trzecich w JetBrains IDE
JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand ...
In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some ca...
In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers ...
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed ...