PT-2021-23056 · Eclipse · Eclipse Equinox
Some User · Published 2021-09-13 · Updated 2021-09-24 · CVE-2021-41033
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse Equinox versions prior to 4.21
Description
When p2 repositories are accessed over plain HTTP, an attacker positioned on the network path (man-in-the-middle) can serve altered p2 metadata to the client. This can lead to the installation of malicious plug-ins that modify the local installation and run malicious code.
Recommendations
For Eclipse Equinox versions prior to 4.21, switch to HTTPS p2 repositories to mitigate the risk of man-in-the-middle attacks. As a temporary workaround, restrict access to HTTP p2 repositories until a secure connection method is in place.
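The recommendation above boils down to one check: no p2 repository that the installation consumes may be referenced over plain HTTP. The following script is an added example, not code from the advisory or from the Eclipse project. It assumes the repository references are declared in an Eclipse PDE target definition (a `.target` XML file using `<repository location="..."/>` elements); the sample document, its hostnames and unit ids are constructed for this example. It lists the repository URLs that would be fetched without TLS and shows the HTTPS form each one should be replaced with.

```python
"""Flag plain-HTTP p2 repository references in an Eclipse target definition.

Added example (not part of the advisory). Assumes repositories are declared in
a PDE .target XML file as <repository location="..."/>; the sample below is
constructed for this example and does not point at real repositories.
"""
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

# Constructed sample target definition: one HTTPS and two plain-HTTP repositories.
SAMPLE_TARGET = """<?pde version="3.8"?>
<target name="sample" sequenceNumber="1">
  <locations>
    <location includeAllPlatforms="false" includeMode="planner" type="InstallableUnit">
      <repository location="https://releases.example.invalid/2021-09"/>
      <unit id="org.example.sdk.feature.group" version="0.0.0"/>
    </location>
    <location includeAllPlatforms="false" includeMode="planner" type="InstallableUnit">
      <repository location="http://plugins.example.invalid/p2"/>
      <unit id="com.example.tool.feature.group" version="0.0.0"/>
    </location>
    <location includeAllPlatforms="false" includeMode="planner" type="InstallableUnit">
      <repository location="HTTP://mirror.example.invalid/updates"/>
    </location>
  </locations>
</target>
"""


def repository_locations(target_xml: str) -> list[str]:
    """Return every <repository location="..."> value in document order."""
    root = ET.fromstring(target_xml)
    return [
        repo.attrib["location"]
        for repo in root.iter("repository")
        if "location" in repo.attrib
    ]


def is_plain_http(url: str) -> bool:
    """True when the URL scheme is http; the scheme comparison is case-insensitive."""
    return urlparse(url).scheme.lower() == "http"


def insecure_repositories(target_xml: str) -> list[str]:
    """Return the repository URLs that would be fetched without TLS."""
    return [url for url in repository_locations(target_xml) if is_plain_http(url)]


def upgraded(url: str) -> str:
    """Rewrite an http:// URL to https://, leaving any other scheme untouched.

    Whether the server really serves the repository over HTTPS has to be
    verified separately; this only produces the URL to test.
    """
    parsed = urlparse(url)
    if parsed.scheme.lower() != "http":
        return url
    return parsed._replace(scheme="https").geturl()


if __name__ == "__main__":
    for url in insecure_repositories(SAMPLE_TARGET):
        print(f"plain HTTP p2 repository: {url} -> replace with {upgraded(url)}")
```

Run against the constructed sample it reports the two HTTP repositories and leaves the HTTPS one alone; point `repository_locations` at the contents of a real `.target` file to audit an actual build. A `file:` repository is not reported, since the advisory concerns the network path only.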
Affected Products
Eclipse Equinox