CVE-2019-10102

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
jetbrainskotlin
𝑥
< 1.3.30
jetbrainsktor
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://security.netapp.com/advisory/ntap-20230818-0012/
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://security.netapp.com/advisory/ntap-20230818-0012/