| 2021-04-06 07:54:32 |
it0001 |
bug |
|
|
added bug |
| 2021-04-06 07:55:55 |
it0001 |
description |
Description
Multiple vulnerabilities have been reported in Apache Maven, which can be exploited by malicious people to bypass certain security restrictions.
1
An error when resolving custom repositories in dependency POMs over HTTP instead of HTTPS can be exploited to e.g. conduct a MitM (Man-in-the-Middle) attack.
The vulnerabilities are reported in versions prior to 3.8.1.
Affected Software
The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
Solution
Update to version 3.8.1.
References
1. http://maven.apache.org/docs/3.8.1/release-notes.html <http://maven.apache.org/docs/3.8.1/release-notes.html>
Please provide a solution as soon as possible. |
CVE Numbers
CVE‑2021‑26291 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26291> , CVE‑2020‑13956 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956>
Description
Multiple vulnerabilities have been reported in Apache Maven, which can be exploited by malicious people to bypass certain security restrictions.
1
An error when resolving custom repositories in dependency POMs over HTTP instead of HTTPS can be exploited to e.g. conduct a MitM (Man-in-the-Middle) attack.
The vulnerabilities are reported in versions prior to 3.8.1.
Affected Software
The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
Solution
Update to version 3.8.1.
References
1. http://maven.apache.org/docs/3.8.1/release-notes.html <http://maven.apache.org/docs/3.8.1/release-notes.html>
Please provide a solution as soon as possible. |
|
| 2021-04-06 20:47:16 |
Seth Arnold |
information type |
Private Security |
Public Security |
|
| 2021-04-06 20:47:17 |
Seth Arnold |
bug |
|
|
added subscriber Ubuntu Bugs |
| 2021-04-20 12:56:17 |
Eduardo Barretto |
bug task added |
|
httpcomponents-client (Ubuntu) |
|
| 2021-04-20 12:57:55 |
Eduardo Barretto |
httpcomponents-client (Ubuntu): status |
New |
Confirmed |
|
| 2021-04-20 12:57:59 |
Eduardo Barretto |
maven (Ubuntu): status |
New |
Confirmed |
|
| 2021-12-21 10:04:19 |
Hans Joachim Desserud |
cve linked |
|
2021-26291 |
|
| 2021-12-21 10:04:37 |
Hans Joachim Desserud |
cve linked |
|
2020-13956 |
|
| 2023-09-03 11:09:31 |
Luís Infante da Câmara |
attachment added |
|
maven_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5697379/+files/maven_focal.debdiff |
|
| 2023-09-03 11:10:03 |
Luís Infante da Câmara |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2023-09-03 11:10:12 |
Luís Infante da Câmara |
maven (Ubuntu): assignee |
|
Luís Infante da Câmara (luis220413) |
|
| 2023-09-03 11:15:52 |
Luís Infante da Câmara |
maven (Ubuntu): assignee |
Luís Infante da Câmara (luis220413) |
|
|
| 2023-09-03 11:17:29 |
Luís Infante da Câmara |
attachment added |
|
maven_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5697382/+files/maven_jammy.debdiff |
|
| 2023-09-03 11:17:33 |
Luís Infante da Câmara |
bug |
|
|
added subscriber Luís Infante da Câmara |
| 2023-09-04 07:43:39 |
Eduardo Barretto |
maven (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2023-09-04 07:43:41 |
Eduardo Barretto |
httpcomponents-client (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2023-09-13 19:27:17 |
Luís Infante da Câmara |
bug task added |
|
maven-resolver (Ubuntu) |
|
| 2023-09-13 19:27:38 |
Luís Infante da Câmara |
attachment added |
|
maven-resolver_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/maven-resolver/+bug/1922654/+attachment/5700653/+files/maven-resolver_focal.debdiff |
|
| 2023-09-13 19:30:12 |
Luís Infante da Câmara |
attachment added |
|
maven-resolver_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/maven-resolver/+bug/1922654/+attachment/5700654/+files/maven-resolver_jammy.debdiff |
|
| 2023-09-13 19:30:39 |
Luís Infante da Câmara |
maven-resolver (Ubuntu): status |
New |
Fix Released |
|
| 2023-09-18 07:33:23 |
Luís Infante da Câmara |
attachment added |
|
maven_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/maven/+bug/1922654/+attachment/5701761/+files/maven_focal.debdiff |
|
