Описание
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
Уязвимость сервера рабочей среды для разработчиков на основе Java Eclipse Che, связанная с отсутствием проверки целостности сообщений, позволяющая нарушителю проводить атаки типа "человек посередине"
EPSS
8.1 High
CVSS3
6.8 Medium
CVSS2