Trust Project Prompt Bypass in JetBrains IntelliJ IDEA <2023.1
CVE-2022-48431 Published on March 29, 2023

In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the Trust Project confirmation.

NVD

Vulnerability Analysis

CVE-2022-48431 can be exploited with local system access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Products Associated with CVE-2022-48431

Want to know whenever a new CVE is published for JetBrains Intellij Idea? stack.watch will email you.

JetBrains Intellij Idea

Affected Versions

JetBrains IntelliJ IDEA:

Before 2023.1 is affected.

Exploit Probability

EPSS

0.00%

Percentile

0.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.