Cleartext Credential Storage Vulnerability in JetBrains IntelliJ IDEA Ultimate

Cleartext Credential Storage Vulnerability in JetBrains IntelliJ IDEA Ultimate

CVE-2019-9872 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize IDE settings using a public repository, these credentials were published to this repository. The issue has been fixed in the following versions: 2019.1, 2018.3.5, 2018.2.8, and 2018.1.8.

Learn more about our Cis Benchmark Audit For Server Software.