Security Advisory

CVE-2021-41034

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-29 21:35:09
Last updated 2024-08-04 02:59:31
Assigner eclipse
State PUBLISHED

Description

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.