CVE-2019-10101

JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name	Vendor	Start Version	End Version
Kotlin	Jetbrains	*	1.3.30 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/117.html
https://cwe.mitre.org/data/definitions/383.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/65.html

References

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
https://security.netapp.com/advisory/ntap-20230818-0012/
https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/
https://medium.com/bugbountywriteup/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb
https://security.netapp.com/advisory/ntap-20230818-0012/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-10101
CWE	https://cwe.mitre.org/data/definitions/319.html

Cleartext Transmission of Sensitive Information

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References