CVE-2019-10240
First published: Wed Apr 03 2019(Updated: )
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Hawkbit | <=0.2.5 | |
| Eclipse Hawkbit | =0.3.0-m1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10240?
CVE-2019-10240 has been rated as a medium severity vulnerability due to the potential for man-in-the-middle attacks.
How do I fix CVE-2019-10240?
To fix CVE-2019-10240, upgrade to Eclipse HawkBit version 0.3.0M2 or later to ensure secure downloads over HTTPS.
What is the impact of CVE-2019-10240?
The impact of CVE-2019-10240 is the risk of malicious compromise of build artifacts due to unprotected HTTP communication.
Which versions of Eclipse HawkBit are affected by CVE-2019-10240?
Eclipse HawkBit versions prior to 0.3.0M2 and certain versions up to 0.2.5 are affected by CVE-2019-10240.
What type of attack is CVE-2019-10240 vulnerable to?
CVE-2019-10240 is vulnerable to man-in-the-middle (MITM) attacks that can compromise dependent Maven build artifacts.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/eclipse
- canonical/eclipse hawkbit
- version/eclipse hawkbit/0.2.5
- version/eclipse hawkbit/0.3.0-m1