PT-2019-11652 · Eclipse · Eclipse Hawkbit

Dominic Schabel

Publicado

2019-04-03

Atualizado

2021-10-28

CVE-2019-10240

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Eclipse hawkBit versions prior to 0.3.0M2

Description: The issue allows for the potential compromise of Maven build artifacts used by the Vaadin based UI due to the use of HTTP instead of HTTPS. This could lead to maliciously compromised artifacts, resulting in potentially infected build artifacts of hawkBit. A man-in-the-middle (MITM) attack could exploit this issue.

Recommendations: For Eclipse hawkBit versions prior to 0.3.0M2, update to version 0.3.0M2 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTTP for resolving Maven build artifacts to minimize the risk of exploitation.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-494CWE-829

Identificadores relacionados

CVE-2019-10240

GHSA-JWQM-C9F2-2CQ3

Produtos afetados

Eclipse Hawkbit

PT-2019-11652 · Eclipse · Eclipse Hawkbit

CVE-2019-10240

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5