CVE-2019-10240
HIGHEclipse hawkBit < 0.3.0M2 - Cleartext Transmission of Sensitive Information via Maven Build Artifacts
Title source: llmDescription
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546053
Scores
CVSS v3
8.1
EPSS
0.0043
EPSS Percentile
34.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-319
CWE-494
CWE-829
Status
published
Products (12)
eclipse/hawkbit
0.3.0 m1
eclipse/hawkbit
< 0.2.5
org.eclipse.hawkbit/hawkbit-autoconfigure
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-boot-starter
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-boot-starter-ddi-api
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-boot-starter-dmf-api
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-ui
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-parent
0 - 0.3.0M2Maven
org.eclipse.hawkbit/hawkbit-starters
0 - 0.3.0M2Maven
... and 2 more
Published
Apr 03, 2019
Tracked Since
Feb 18, 2026