Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependency artifacts could have been maliciously compromised by a man-in-the-middle (MITM) attack. Hence the build artifacts produced for hawkBit might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053