CVE-2019-10240

CVE-2019-10240

Vendor The Eclipse Foundation
Product Eclipse hawkBit
Weakness CWE-829 · Inclusion from untrusted sphere
Published April 3, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.

Key dates

02Disclosure timeline

April 3, 2019 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE