CVE-2019-10102Cleartext Transmission of Sensitive Info in Kotlin

CWE-319Cleartext Transmission of Sensitive Info3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.0%
top 99.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jetbrains KotlinJetbrains Ktor
Timeline
PublishedJul 3
Latest updateMay 24

Description

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDjetbrains/kotlin< 1.3.30
NVDjetbrains/ktor< 1.1.0

🔴Vulnerability Details

2
GHSA
GHSA-qw5p-m36f-mv2x: JetBrains Ktor framework (created using the Kotlin IDE template) versions before 12022-05-24
CVEList
CVE-2019-10102: JetBrains Ktor framework (created using the Kotlin IDE template) versions before 12019-07-03
CVE-2019-10102 — Jetbrains Kotlin vulnerability | cvebase