Insecure Maven Artifact Resolution in Eclipse Vorto Prior to 0.11

Insecure Maven Artifact Resolution in Eclipse Vorto Prior to 0.11

CVE-2019-10248 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected.

Learn more about our Web Application Penetration Testing UK.