mosquitto

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An Open Source MQTT v3.1/v3.1.1 Broker
Version 1.5-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-353 1.4.12-1 1.4.14-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-9868 AVG-353 Medium No Information disclosure
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

Advisories

Date Advisory Group Severity Description
16 Jul 2017 ASA-201707-16 AVG-353 Medium information disclosure