Vulnerability CVE-2019-10103

Vulnerability CVE-2019-10103

Published: 2019-07-03

Description:

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Jetbrains -> Kotlin

References:

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Copyright 2024, cxsecurity.com