Vulnerabilities > Eclipse > CHE

DATE CVE VULNERABILITY TITLE RISK
2021-09-29 CVE-2021-41034 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Eclipse CHE
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint.
network
high complexity
eclipse CWE-924
8.1
2020-12-14 CVE-2020-14368 Unspecified vulnerability in Eclipse CHE
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces.
network
high complexity
eclipse
7.1
2020-04-03 CVE-2020-10689 Unspecified vulnerability in Eclipse CHE
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods.
low complexity
eclipse
6.8
2019-12-19 CVE-2019-17633 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace.
network
low complexity
eclipse CWE-352
8.8