The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
Published 2018-06-04 19:29:02
Updated 2019-10-09 23:24:38
Source HackerOne
View at NVD,   CVE.org

Products affected by CVE-2017-16035

Exploit prediction scoring system (EPSS) score for CVE-2017-16035

0.16%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-16035

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST
8.1
HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2
5.9
NIST

CWE ids for CVE-2017-16035

References for CVE-2017-16035

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!