8.1
CVE-2019-10101
- EPSS 1.62%
- Veröffentlicht 03.07.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 04:18:24
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.62% | 0.729 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
https://security.netapp.com/advisory/ntap-20230818-0012/