CVE-2019-10240
03.04.2019, 18:29
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.Enginsight
| Vendor | Product | Version |
|---|---|---|
| eclipse | hawkbit | 𝑥 ≤ 0.2.5 |
| eclipse | hawkbit | 0.3.0:m1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-494 - Download of Code Without Integrity CheckThe product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.