Description
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a man-in-the-middle (MITM) attack. Hence, build artifacts produced by hawkBit might be infected.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053