Man-in-the-Middle Attack Vulnerability in JetBrains Kotlin Software
CVE-2019-10101

8.1HIGH

Key Information:

Vendor: Jetbrains
Status: Kotlin
Vendor: CVE Published:; 3 July 2019

Summary

Prior to version 1.3.30, JetBrains Kotlin utilized an insecure HTTP connection during the build process to resolve artifacts. This flaw could expose users to man-in-the-middle (MITM) attacks, allowing an attacker to intercept and manipulate data between the user and the artifact repository. As a result, sensitive information or malicious code could be introduced, compromising the integrity of the software development process.

References

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-secu...

https://medium.com/bugbountywriteup/want-to-take-over-the...

https://security.netapp.com/advisory/ntap-20230818-0012/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2019
Vulnerability Reserved
Mar 26, 2019