Man-in-the-Middle Vulnerability in JetBrains Ktor Framework
CVE-2019-10102
8.1 HIGH
Summary
The JetBrains Ktor framework, used for development with the Kotlin IDE, contains a security flaw in versions prior to 1.1.0. During the build process, the framework resolves artifacts over an unsecured HTTP connection, which exposes the build to Man-in-the-Middle (MITM) attacks. By exploiting this vulnerability, an attacker could intercept or alter communications between the client and server, leading to unauthorized access or data tampering. The issue was fixed in the Kotlin plugin version 1.3.30.
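A defensive check for the condition described above, added here as an example and not taken from the advisory or from JetBrains code: it scans build files for repository URLs that still use plain `http://`. The build-file names (Gradle and Maven), the ignored hosts, and the `example.test` sample data are assumptions made for this example.

```python
import re
from pathlib import Path

# Assumed set of build files that declare artifact repositories (not from the advisory).
BUILD_FILES = {"build.gradle", "build.gradle.kts", "settings.gradle",
               "settings.gradle.kts", "pom.xml"}
HTTP_URL = re.compile(r"""http://[^\s'"<>)]+""", re.IGNORECASE)
# Loopback is not exposed to a network MITM; XML namespace URIs are never fetched.
IGNORED_HOSTS = {"localhost", "127.0.0.1", "maven.apache.org", "www.w3.org"}

# Constructed sample input for illustration only.
SAMPLE = '''\
repositories {
    mavenCentral()
    maven { url "http://repo.example.test/maven" }   // plain HTTP: flagged
    maven { url 'https://repo.example.test/secure' }
    // maven { url "http://old.example.test/m2" }
    maven { url = uri("http://localhost:8081/repo") }
}
'''

def strip_comment(line):
    """Drop a trailing // comment without mistaking the // in a URL scheme for one."""
    m = re.search(r"(?<!:)//", line)
    return line[:m.start()] if m else line

def find_insecure_repos(text):
    """Return (line_number, url) for each plain-HTTP URL in build-file text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for url in HTTP_URL.findall(strip_comment(line)):
            host = url[7:].split("/")[0].split(":")[0].lower()
            if host not in IGNORED_HOSTS:
                findings.append((n, url))
    return findings

def scan_tree(root):
    """Map each build file under root to its plain-HTTP findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.name in BUILD_FILES and path.is_file():
            hits = find_insecure_repos(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line_no, url in find_insecure_repos(SAMPLE):
        print(f"line {line_no}: artifacts resolved over plain HTTP: {url}")
```

Run `scan_tree` over a checkout in CI and fail the build on any finding; each reported URL should be switched to its `https://` equivalent.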
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved