GHSA-jwqm-c9f2-2cq3

Source

https://github.com/advisories/GHSA-jwqm-c9f2-2cq3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-jwqm-c9f2-2cq3/GHSA-jwqm-c9f2-2cq3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jwqm-c9f2-2cq3

Aliases

CVE-2019-10240

Published

2019-04-15T16:19:23Z

Modified

2023-11-08T04:00:43.652344Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit

Details

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2021-12-03T14:33:13Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319",
        "CWE-494",
        "CWE-829"
    ]
}

References

Affected packages

Maven / org.eclipse.hawkbit:hawkbit-autoconfigure

Package

Name: org.eclipse.hawkbit:hawkbit-autoconfigure; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-autoconfigure

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M1

0.2.0M2

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-ui

Package

Name: org.eclipse.hawkbit:hawkbit-ui; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M1

0.2.0M2

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-parent

Package

Name: org.eclipse.hawkbit:hawkbit-parent; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-parent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M1

0.2.0M2

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-starters

Package

Name: org.eclipse.hawkbit:hawkbit-starters; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-starters

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter

Package

Name: org.eclipse.hawkbit:hawkbit-boot-starter; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-update-server

Package

Name: org.eclipse.hawkbit:hawkbit-update-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-update-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui

Package

Name: org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api

Package

Name: org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api

Package

Name: org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-dmf-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api

Package

Name: org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-ddi-api

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0M2

Affected versions

0.*

0.2.0M3

0.2.0M4

0.2.0M5

0.2.0M6

0.2.0M7

0.2.0M8

0.2.0M9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}