Eclipse · Eclipse Mosquitto · CVE-2021-34434
**Name of the Vulnerable Software and Affected Versions**
Eclipse Mosquitto versions 2.0 through 2.0.11
**Description**
The issue lies in the dynamic security plugin of Eclipse Mosquitto. When a client's permission to subscribe to a topic is revoked while that client holds a durable (persistent) session and is offline, the subscriptions it already holds are not revoked. This is an authorization flaw: because the stale subscriptions stay active, a remote attacker can continue to receive messages on the revoked topic and so access confidential data.
**Recommendations**
For Eclipse Mosquitto versions 2.0 through 2.0.11, as a temporary workaround, consider disabling the dynamic security plugin until a patch is available. Restrict access to the subscription functionality for durable clients to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
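A defender-side audit of the condition described above, as an added example (not Mosquitto project code): it checks a durable client's persisted subscriptions against the current dynamic-security roles and reports any that the plugin would no longer grant, so the operator knows which sessions to clear. The JSON shape, the highest-priority-match ACL evaluation and all sample data are assumptions made here, not taken from the advisory.

```python
"""Audit persisted (durable-session) subscriptions against current
dynamic-security roles.  Added example for CVE-2021-34434, not Mosquitto
code; the config layout and ACL evaluation are assumed, data is constructed."""

# Constructed sample: the "analyst" role used to allow "billing/#", which was
# revoked while the durable client "report-bot" was offline.
DYNSEC_CONFIG = {
    "clients": [{"username": "report-bot", "roles": [{"rolename": "analyst"}]}],
    "roles": [{
        "rolename": "analyst",
        "acls": [
            {"acltype": "subscribePattern", "topic": "metrics/#", "priority": 0, "allow": True},
            {"acltype": "subscribeLiteral", "topic": "alerts/global", "priority": 0, "allow": True},
            {"acltype": "subscribePattern", "topic": "metrics/internal/#", "priority": 10, "allow": False},
        ],
    }],
}
# Constructed sample: subscriptions still held in the client's durable session.
PERSISTED_SUBS = {"report-bot": ["metrics/cpu", "metrics/internal/db", "billing/#", "alerts/global"]}

def topic_matches(pattern, topic):
    """MQTT filter match: '+' matches exactly one level, '#' all remaining levels."""
    p_parts, t_parts = pattern.split("/"), topic.split("/")
    for i, p in enumerate(p_parts):
        if p == "#":
            return True
        if i >= len(t_parts) or (p != "+" and p != t_parts[i]):
            return False
    return len(p_parts) == len(t_parts)

def subscribe_allowed(config, username, sub_filter):
    """Assumed rule: the highest-priority matching subscribe ACL across the
    client's roles decides; no matching ACL means deny."""
    roles = {r["rolename"]: r for r in config["roles"]}
    names = [r["rolename"] for c in config["clients"] if c["username"] == username for r in c["roles"]]
    best = None
    for name in names:
        for acl in roles[name]["acls"]:
            if acl["acltype"] == "subscribeLiteral":
                hit = acl["topic"] == sub_filter
            elif acl["acltype"] == "subscribePattern":
                hit = topic_matches(acl["topic"], sub_filter)
            else:
                continue  # publish/unsubscribe ACLs do not govern subscriptions
            if hit and (best is None or acl["priority"] > best["priority"]):
                best = acl
    return best is not None and best["allow"]

def stale_subscriptions(config, persisted):
    """Map username -> persisted filters the current ACLs would no longer grant."""
    return {u: [f for f in subs if not subscribe_allowed(config, u, f)] for u, subs in persisted.items()}

if __name__ == "__main__":
    print(stale_subscriptions(DYNSEC_CONFIG, PERSISTED_SUBS))
```

Any client listed in the output still holds subscriptions its roles no longer permit; on the affected versions the broker will not drop them on its own, so the session has to be cleared by the operator.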