CVE-2019-11770

HIGH

Eclipse Buildship <3.1.1 - Info Disclosure

Title source: llm

Description

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this.

References (2)

[Vendor Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=547734

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/eclipse/buildship/issues/855

Scores

CVSS v3 8.1

EPSS 0.0044

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-669 CWE-829

Status published

Products (1)

eclipse/buildship < 3.1.1

Published Jun 14, 2019

Tracked Since Feb 18, 2026