Che
Monthly
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available.
For Eclipse Che versions 6.16 to 7.3.0, with both authentication and TLS disabled, visiting a malicious web site could trigger the start of an arbitrary Che workspace. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.