vulnerability
JetBrains IntelliJ IDEA: CVE-2019-9872: The application server configuration allowed cleartext storage of secrets. IDEA-201519, IDEA-202483, IDEA-203271
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jul 3, 2019 | Jan 29, 2025 | Jul 29, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jul 3, 2019
Added
Jan 29, 2025
Modified
Jul 29, 2025
Description
In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.
Solution
jetbrains-intellij-idea-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.