PT-2017-19232 · Eclipse+1 · Mosquitto+1

Dalmoz

·

Publicado

2017-06-25

·

Atualizado

2019-03-12

·

CVE-2017-9868

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mosquitto versions prior to 1.4.13
Description The issue allows local users to obtain sensitive MQTT topic information due to the world-readable mosquitto.db file, also known as the persistence file.
Recommendations For Mosquitto versions prior to 1.4.13, update to version 1.4.13 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the mosquitto.db file to restrict access until a patch is applied.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2018-1080
CVE-2017-9868
DLA-1146-1
DLA-1525-1
OPENSUSE-SU-2024:11057-1

Produtos afetados

Alt Linux
Mosquitto