CVE-2021-41034
First published: Wed Sep 29 2021(Updated: )
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.
Credit: emo@eclipse.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Che | >=6.0.0<7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Eclipse Che vulnerability?
The vulnerability ID for the Eclipse Che vulnerability is CVE-2021-41034.
What is the severity of CVE-2021-41034?
CVE-2021-41034 has a severity of 8.1 (high).
How does the Eclipse Che vulnerability impact the builds of language stacks?
The Eclipse Che vulnerability allows for MITM attacks that enable the replacement of original binaries with arbitrary ones in the builds of vulnerable language stacks.
Which version of Eclipse Che is affected by CVE-2021-41034?
Eclipse Che versions from 6.0.0 to 7.0.0 are affected by CVE-2021-41034.
Is there any reference for more information on CVE-2021-41034?
Yes, you can find more information on CVE-2021-41034 at the following link: https://bugs.eclipse.org/bugs/show_bug.cgi?id=540989.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/eclipse
- canonical/eclipse che
- version/eclipse che/6.0.0