Main Vulnerability Database Vulnerabilities #VU50377

#VU50377 Cleartext transmission of sensitive information in IntelliJ IDEA - CVE-2021-25756

Published: February 3, 2021 / Updated: February 5, 2021

Vulnerability identifier: #VU50377

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-25756

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IntelliJ IDEA

Software vendor:
JetBrains s.r.o.

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel (e.g. HTTP instead of HTTPS) to transmit sensitive information from several remote repositories. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Install updates from vendor's website.

External links

https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/

#VU50377 Cleartext transmission of sensitive information in IntelliJ IDEA - CVE-2021-25756

Description

Remediation

External links

Please verify you're human