CVE-2022-47895

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2022.3.1

Description The issue is related to the "Validate JSP File" action in IntelliJ IDEA, which used the HTTP protocol to download required JAR files. This allows a remote attacker to download arbitrary JAR files, potentially leading to exploitation. The vulnerability involves the transmission of critical information in plain text.

Recommendations For versions prior to 2022.3.1, update to version 2022.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the "Validate JSP File" action until a patch is available. Restrict access to the HTTP protocol for downloading JAR files to minimize the risk of exploitation.