GHSA-jwqm-c9f2-2cq3

Source
https://github.com/advisories/GHSA-jwqm-c9f2-2cq3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-jwqm-c9f2-2cq3/GHSA-jwqm-c9f2-2cq3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jwqm-c9f2-2cq3
Aliases
Published
2019-04-15T16:19:23Z
Modified
2023-11-01T04:49:57.219249Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
Details

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously replaced by a MITM attacker during the build; hence build artifacts produced by hawkBit might have been infected.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2021-12-03T14:33:13Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319",
        "CWE-494",
        "CWE-829"
    ]
}
References

Affected packages

Maven / org.eclipse.hawkbit:hawkbit-autoconfigure

Package

Name
org.eclipse.hawkbit:hawkbit-autoconfigure
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-autoconfigure

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M1
0.2.0M2
0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-ui

Package

Name
org.eclipse.hawkbit:hawkbit-ui
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M1
0.2.0M2
0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-parent

Package

Name
org.eclipse.hawkbit:hawkbit-parent
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M1
0.2.0M2
0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-starters

Package

Name
org.eclipse.hawkbit:hawkbit-starters
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-starters

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter

Package

Name
org.eclipse.hawkbit:hawkbit-boot-starter
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-update-server

Package

Name
org.eclipse.hawkbit:hawkbit-update-server
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-update-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui

Package

Name
org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-ui

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api

Package

Name
org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-mgmt-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api

Package

Name
org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-dmf-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}

Maven / org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api

Package

Name
org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api
Purl
pkg:maven/org.eclipse.hawkbit/hawkbit-boot-starter-ddi-api

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.3.0M2

Affected versions

0.*

0.2.0M3
0.2.0M4
0.2.0M5
0.2.0M6
0.2.0M7
0.2.0M8
0.2.0M9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.3.0M1

Database specific

{
    "last_known_affected_version_range": "<= 0.3.0M1"
}