Man-in-the-Middle Vulnerability in Eclipse HawkBit UI by Eclipse
CVE-2019-10240
8.1 HIGH
What is CVE-2019-10240?
Eclipse HawkBit versions prior to 0.3.0M2 resolved the Maven build artifacts for the Vaadin-based user interface over HTTP instead of HTTPS. Because plain HTTP gives no integrity or server authentication, an attacker in a man-in-the-middle (MITM) position could compromise the dependent artifacts in transit, resulting in infected build artifacts. Users of affected versions should upgrade to mitigate these risks.
Affected Version(s)
Eclipse hawkBit < 0.3.0M2
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved