QID 983480: Java (maven) Security Update for org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api (GHSA-jwqm-c9f2-2cq3)
Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin-based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence, build artifacts produced by hawkBit might be infected.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-jwqm-c9f2-2cq3 for updates pertaining to this vulnerability.
Vendor References
- GHSA-jwqm-c9f2-2cq3 - github.com/advisories/GHSA-jwqm-c9f2-2cq3
CVEs related to QID 983480
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-autoconfigure | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-boot-starter | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-parent | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-starters | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-ui | | |
| GHSA-jwqm-c9f2-2cq3 | org.eclipse.hawkbit:hawkbit-update-server | | |