CVE-2019-10248

HIGH

Eclipse Vorto <0.11 - Info Disclosure

Title source: llm

Description

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

References (1)

[Third Party Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622

Scores

CVSS v3 8.1

EPSS 0.0016

EPSS Percentile 37.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-669 CWE-494 CWE-829

Status published

Products (2)

eclipse/vorto < 0.11

org.eclipse.vorto/org.eclipse.vorto.core 0 - 0.11.0Maven

Published Apr 22, 2019

Tracked Since Feb 18, 2026