Man-in-the-Middle Vulnerability in Eclipse Che by Eclipse Foundation
CVE-2021-41034

8.1HIGH

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Che
Vendor: CVE Published:; 29 September 2021

🔔 Create The Eclipse Foundation Vulnerability Alert

What is CVE-2021-41034?

Eclipse Che version 6 contains a vulnerability where certain language stacks pull binaries from an unsecured HTTP endpoint. This flaw exposes the build process to Man-in-the-Middle (MITM) attacks, enabling an attacker to intercept and replace original binaries with malicious ones during the build phase. Affected stacks include Java 8 (alpine and centos), Android, and PHP. Although the vulnerability does not pose a risk during runtime, it is essential to address this issue during the build process to mitigate potential security threats.

Affected Version(s)

Eclipse Che 6.0

Eclipse Che < 7.0

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=540989

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2021
Vulnerability Reserved
Sep 13, 2021