CVE-2019-17561 org.codehaus.mevenide:netbeans

Package

Manager: maven
Name: org.codehaus.mevenide:netbeans
Vulnerable Version: >=0 <=3.1.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0073 (percentile: 0.71811)

Details

Improper Verification of Cryptographic Signature in Apache NetBeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. NetBeans releases before the Apache transition started may also be affected.

Metadata

Created: 2022-05-24T17:12:56Z
Modified: 2022-11-14T22:25:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cf8q-j9h3-7237/GHSA-cf8q-j9h3-7237.json
CWE IDs: ["CWE-20", "CWE-347"]
Alternative ID: GHSA-cf8q-j9h3-7237
Finding: F163
Auto approve: 1