Vulnerabilities > Eclipse > CHE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-29 | CVE-2021-41034 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. | 8.1 |
| 2020-12-14 | CVE-2020-14368 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. | 7.1 |
| 2020-04-03 | CVE-2020-10689 | Unspecified vulnerability in Eclipse CHE A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. low complexity eclipse | 6.8 |
| 2019-12-19 | CVE-2019-17633 | Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. | 8.8 |