What is CVE-2019-10102?

CVE-2019-10102 is a high-severity vulnerability in Jetbrains Kotlin, classified under Cleartext Transmission of Sensitive Information. CVSS score: 8.1/10. Published 2019-07-03.

How severe is CVE-2019-10102?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2019-10102 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jetbrains Kotlin

CVE-2019-10102

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin v…

EPSS: 0.009 (55.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Jetbrains Kotlin
Jetbrains Ktor
N/a — versions n/a

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

Public proof-of-concept exploits

References

cve@mitre.org (Vendor Advisory)
cve@mitre.org

Frequently asked questions

What is CVE-2019-10102?: CVE-2019-10102 is a high-severity vulnerability in Jetbrains Kotlin, classified under Cleartext Transmission of Sensitive Information. CVSS score: 8.1/10. Published 2019-07-03.
How severe is CVE-2019-10102?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2019-10102 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.