Описание
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-34434
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7
- https://www.debian.org/security/2023/dsa-5511
Связанные уязвимости
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...
Уязвимость плагина Dynamic Security брокера сообщений Mosquitto, позволяющая нарушителю получить доступ к конфиденциальным данным