Vulnerabilities > CVE-2021-41033 - Unspecified vulnerability in Eclipse Equinox 4.21

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

eclipse

NVD

Published: 2021-09-13

Updated: 2021-09-24

Summary

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse Equinox * Eclipse Equinox 4.21	2

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=575688