CVE-2019-10248
UnknownEPSS 0.43%
Last modified
CVE-2019-10248 is a vulnerability of currently unknown severity. Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Vorto | < 0.11 |
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622Third Party Advisory
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=546622Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10248?
Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.
How severe is CVE-2019-10248?
Severity scoring for CVE-2019-10248 is pending analysis. The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2019-10248?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-10248?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST