Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Related Vulnerabilities
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service
CVE-2023-40573 Vulnerability in maven package org.xwiki.platform:xwiki-platform-scheduler-api
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-namesrv
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment
CVE-2023-32081 Vulnerability in maven package io.vertx:vertx-stomp