AVG-353 log
| Package | mosquitto |
| Status | Fixed |
| Severity | Medium |
| Type | information disclosure |
| Affected | 1.4.12-1 |
| Fixed | 1.4.14-1 |
| Current | 2.0.18-3 [extra] |
| Ticket | None |
| Created | Sat Jul 15 15:05:24 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-9868 | Medium | No | Information disclosure | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 16 Jul 2017 | ASA-201707-16 | mosquitto | information disclosure |