CVE-2019-10240

CVSS v3.1 8.1 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.14 % (51^th)

Affected Products 1

Advisories 1

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Weaknesses

CWE-319: Cleartext Transmission of Sensitive Information
CWE-494: Download of Code Without Integrity Check
CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVE Status: PUBLISHED
CNA: Eclipse Foundation
Published Date: 2019-04-03 18:29:17
(5 years ago)
Updated Date: 2021-10-28 13:54:32
(2 years ago)

Affected Products

Eclipse

Hawkbit

Configuration #1

		CPE23	From	Up To
	Eclipse Hawkbit 0.2.5 and prior versions	cpe:2.3:a:eclipse:hawkbit		<= 0.2.5
	Eclipse Hawkbit 0.3.0 M1	cpe:2.3:a:eclipse:hawkbit:0.3.0:m1