CVE-2022-47895 MEDIUM

CVE-2022-47895

Vendor Jetbrains
Product IntelliJ IDEA
Weakness CWE-319 · Cleartext transmission
Published December 22, 2022
Last update April 15, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" action used the HTTP protocol to download required JAR files.

Key dates

02Disclosure timeline

December 22, 2022 CVE published
April 15, 2025 Record updated