Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence, the build artifacts produced for hawkBit might be infected.
References
- Exploit, Issue Tracking, Vendor Advisory
- Exploit, Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 0.2.5
One of
cpe:2.3:a:eclipse:hawkbit:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:hawkbit:0.3.0:m1:*:*:*:*:*:*
EPSS
Score: 0.00082 (Low)
Percentile: 24%
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-494
CWE-319
Related vulnerabilities
CVSS3: 8.1
github
almost 7 years ago
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit