CVE-2019-10102

HIGH

JetBrains Ktor < 1.1.0 - Cleartext Transmission of Sensitive Information via Build Artifact Resolution

Title source: llm

Description

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

References (2)

Core 2

Core References

Vendor Advisory

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230818-0012/

Scores

CVSS v3 8.1

EPSS 0.0000

EPSS Percentile 0.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (2)

jetbrains/kotlin < 1.3.30

jetbrains/ktor < 1.1.0

Published Jul 03, 2019

Tracked Since Feb 18, 2026