CVE-2019-10101 - OpenCVE

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Jetbrains	Kotlin

Configuration 1 [-]

cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*

References

Link	Resource
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/	Vendor Advisory
https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb	Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20230818-0012/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-03T00:00:00

Updated: 2023-08-18T13:06:34.467698

Reserved: 2019-03-26T00:00:00

Link: CVE-2019-10101

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-03T20:15:11.120

Modified: 2023-08-18T14:15:17.397

Link: CVE-2019-10101

JSON object: View

Redhat Information

No data.

CWE

CWE-319

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:kotlin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAFF22E5-5E1B-4BF3-88FB-D9A923AFFDC1", "versionEndExcluding": "1.3.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack."}, {"lang": "es", "value": "Las versiones de JetBrains Kotlin anteriores a la 1.3.30 estaban resolviendo artefactos utilizando una conexi\u00f3n http durante el proceso de construcci\u00f3n, lo que posiblemente permit\u00eda un ataque MITM."}], "id": "CVE-2019-10101", "lastModified": "2023-08-18T14:15:17.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-03T20:15:11.120", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230818-0012/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}