AVG-353

Package mosquitto
Status Fixed
Severity Medium
Type information disclosure
Affected 1.4.12-1
Fixed 1.4.14-1
Current 1.5-1 [community]
Ticket None
Created Sat Jul 15 15:05:24 2017
Issue Severity Remote Type Description
CVE-2017-9868 Medium No Information disclosure
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
Date Advisory Package Description
16 Jul 2017 ASA-201707-16 mosquitto information disclosure