CVE-2023-51655: 
JetBrains IntelliJ IDEA vulnerability analysis and mitigation

CVE-2023-51655 affects JetBrains IntelliJ IDEA versions before 2023.3.2. The vulnerability allows code execution in Untrusted Project mode through a malicious plugin repository specified in the project configuration. The vulnerability was disclosed on December 21, 2023, and received a Critical severity rating (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. However, JetBrains assessed it with a lower CVSS score of 6.3 (Medium) with vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N. The vulnerability is associated with CWE-345 (Insufficient Verification of Data Authenticity) and CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data) (NVD).

The vulnerability could potentially lead to unauthorized code execution within the Untrusted Project mode of IntelliJ IDEA, compromising the security boundaries intended to protect against malicious projects (NVD).

The vulnerability has been patched in IntelliJ IDEA version 2023.3.2. Users are advised to upgrade to this version or later to mitigate the security risk (JetBrains Advisory).