Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Related Vulnerabilities
CVE-2022-43429 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2021-43090 Vulnerability in maven package com.predic8:soa-model-parent
CVE-2018-3711 Vulnerability in npm package fastify
CVE-2023-50768 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin
CVE-2014-3004 Vulnerability in maven package org.codehaus.castor:castor-xml