CVE Published: 29/09/2021
CVE Updated: 04/08/2024
CVE Year: 2021
Source: eclipse
Vendor: The Eclipse Foundation
Product: Eclipse Che
Status: PUBLISHED
CVE-2021-41034 Description
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence, the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime, only when building Che.
CWE-ID: CWE-924
CWE Name: CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Source: The Eclipse Foundation
Common Attack Pattern Enumeration and Classification (CAPEC)