CVE-2019-11770
First published: Fri Jun 14 2019(Updated: )
In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Buildship | <3.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11770?
CVE-2019-11770 is classified as a high severity vulnerability due to the potential for MITM attacks.
How do I fix CVE-2019-11770?
To fix CVE-2019-11770, upgrade Eclipse Buildship to version 3.1.1 or later.
What does CVE-2019-11770 affect?
CVE-2019-11770 affects Eclipse Buildship versions prior to 3.1.1 due to the usage of HTTP instead of HTTPS for resolving dependencies.
What kind of attack is possible due to CVE-2019-11770?
CVE-2019-11770 allows for potential man-in-the-middle (MITM) attacks that could compromise build artifacts.
Is my system vulnerable if I use an earlier version than 3.1.1 of Eclipse Buildship?
Yes, if you are using a version of Eclipse Buildship prior to 3.1.1, your system is vulnerable to CVE-2019-11770.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/eclipse
- canonical/eclipse buildship