CVE-2019-10103

HIGH

Kotlin < 1.3.30 - Missing Encryption of Sensitive Data via Gradle Artifact Resolution

Title source: llm

Description

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

References (2)

Core 2

Core References

Vendor Advisory

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230818-0012/

Scores

CVSS v3 8.1

EPSS 0.0094

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (1)

jetbrains/kotlin < 1.3.30

Published Jul 03, 2019

Tracked Since Feb 18, 2026