mosquitto
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | An Open Source MQTT v3.1/v3.1.1 Broker |
| Version | 1.5-1 [community] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-353 | 1.4.12-1 | 1.4.14-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-9868 | AVG-353 | Medium | No | Information disclosure | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 16 Jul 2017 | ASA-201707-16 | AVG-353 | Medium | information disclosure |