Описание
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mosquitto | fixed | 2.0.15-1 | package | |
| mosquitto | not-affected | buster | package | |
| mosquitto | not-affected | stretch | package |
Примечания
https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/638
Fixed by: https://github.com/eclipse/mosquitto/commit/32af599c81e63fa38e834b8f1c1f108c49328e95 (v2.0.12)
Связанные уязвимости
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
Уязвимость плагина Dynamic Security брокера сообщений Mosquitto, позволяющая нарушителю получить доступ к конфиденциальным данным