CVE-2019-10103Missing Encryption of Sensitive Data in Kotlin

CWE-311Missing Encryption of Sensitive Data4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.0%
top 99.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jetbrains Kotlin
Timeline
PublishedJul 3
Latest updateMay 24

Description

JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDjetbrains/kotlin< 1.3.30

🔴Vulnerability Details

3
GHSA
GHSA-8fr9-3mxv-p3vf: JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection2022-05-24
CVEList
CVE-2019-10103: JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection2019-07-03
OSV
CVE-2019-10103: JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection2019-07-03
CVE-2019-10103 — Missing Encryption of Sensitive Data | cvebase