CVE-2024-46970

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published: Sep 16, 2024
Updated: Sep 20, 2024
CWE ID: 79

Summary

CVE-2024-46970 is a vulnerability in JetBrains IntelliJ IDEA versions prior to 2024.1 that allows HTML injection through the project name. It affects a wide range of IntelliJ IDEA variants and could expose organizations to risks such as cross-site scripting (XSS) attacks. The vulnerability is rated medium severity, with an exploitability score of 2.8. The attack requires user interaction and has low impact on confidentiality and integrity; however, it can allow malicious actors to execute harmful scripts within a user's browser session. Remediation involves upgrading to the latest version of IntelliJ IDEA, as outlined in vendor advisories. For further details, refer to the official JetBrains security advisory.
