AVG-353 log
Package | mosquitto |
Status | Fixed |
Severity | Medium |
Type | information disclosure |
Affected | 1.4.12-1 |
Fixed | 1.4.14-1 |
Current | 2.0.20-1 [extra] |
Ticket | None |
Created | Sat Jul 15 15:05:24 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-9868 | Medium | No | Information disclosure | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |
Date | Advisory | Package | Type |
---|---|---|---|
16 Jul 2017 | ASA-201707-16 | mosquitto | information disclosure |