Uniffle HTTP Client Insecure SSL Configuration Vulnerability

Vulnerability

A vulnerability exists in the Uniffle HTTP client prior to version 0.10.0: by default, the client trusts all SSL certificates and disables hostname verification. This misconfiguration creates a potential Man-in-the-Middle (MITM) attack vector against REST API communications between the Uniffle CLI/client and the Uniffle Coordinator service.

Impact

Exploitation of this vulnerability could lead to Man-in-the-Middle (MITM) attacks, allowing an attacker to intercept and potentially alter communications between the Uniffle CLI/client and the Uniffle Coordinator service.

Remediation

Users are advised to upgrade to Uniffle version 0.10.0 or later, which addresses this vulnerability.

Added: Jan 7, 2026, 12:28 PM
Updated: Jan 7, 2026, 5:53 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 7.7
relevance: 1.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.