Description

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Remediation

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053

Related Vulnerabilities

CVE-2019-5447 Vulnerability in npm package http-file-server

CVE-2022-43441 Vulnerability in npm package sqlite3

CVE-2019-9737 Vulnerability in npm package editor.md

CVE-2019-7722 Vulnerability in maven package net.sourceforge.pmd:pmd-core

CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder

Severity

Critical

Classification

CWE-319 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Vendor Advisory