Main Vulnerability Database Vulnerabilities #VU50377

Cleartext transmission of sensitive information in IntelliJ IDEA - CVE-2021-25756

Published: February 3, 2021 / Updated: February 5, 2021

Vulnerability identifier: #VU50377

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-25756

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JetBrains s.r.o.

Affected software:
IntelliJ IDEA

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel (e.g. HTTP instead of HTTPS) to transmit sensitive information from several remote repositories. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

How to mitigate CVE-2021-25756

Install updates from vendor's website.

Sources

https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/

Cleartext transmission of sensitive information in IntelliJ IDEA - CVE-2021-25756

Detailed vulnerability description

How to mitigate CVE-2021-25756

Sources

Please verify you're human