Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Related Vulnerabilities
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins
CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk18on
CVE-2022-1295 Vulnerability in npm package fullpage.js
CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-webjar
CVE-2020-7691 Vulnerability in maven package org.webjars.bower:jspdf