PT-2018-16196 · Mosquitto · Aedes
Matteo Collina
+1
·
Published
2018-08-08
·
Updated
2023-02-28
·
CVE-2018-3778
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
aedes versions prior to 0.35.1
Description
The issue is related to improper authorization, where aedes does not respect its own authorization rules when a client sets a
Last Will. This can lead to publishing a Last Will and Testament (LWT) in a channel even when the client is not authorized.Recommendations
Update to version 0.35.1 or later.
Fix
Incorrect Authorization
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aedes