Eclipse hawkBit versions before 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse hawkbit 0.3.0 |
||
eclipse hawkbit |