CVE-2019-11770
Summary
| CVE | CVE-2019-11770 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-14 14:29:00 UTC |
| Updated | 2023-03-24 17:48:00 UTC |
| Description | In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. |
Risk And Classification
Problem Types: CWE-669
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Releases should not depend on insecure or untrusted code · Issue #855 · eclipse/buildship · GitHub | CONFIRM | github.com | Exploit, Issue Tracking, Third Party Advisory |
| 547734 – (CVE-2019-11770) Eclipse Buildship: New CVE Request | CONFIRM | bugs.eclipse.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |