Vulnerability in The Eclipse Foundation Che

CVE-2021-41034

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original…

EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.

Affected products

The Eclipse Foundation Che — versions 6.0, unspecified

Weakness classification (CWE)

CWE-924 — Improper Enforcement of Message Integrity During Transmission in a Communication Channel

References

bugs.eclipse.org/bugs/show_bug.cgi (x_refsource_CONFIRM)