CVE-2019-10240

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10240

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10240.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10240

Aliases

GHSA-jwqm-c9f2-2cq3

Published

2019-04-03T18:29:17Z

Modified

2024-09-03T02:21:28.223352Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053

Affected packages

Git / github.com/eclipse/hawkbit

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/hawkbit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

347fac7f009e0cefbdf0b238d1b0878b5a176e0f

Last affected

df23c4ef836f25b5630e86614c2a6e1944bfbd62

Affected versions

0.*

0.2.0

0.2.0M1

0.2.0M2

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5