ID CVE-2021-34434
Summary In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
References
Vulnerable Configurations
  • cpe:2.3:a:eclipse:mosquitto:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:eclipse:mosquitto:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:eclipse:mosquitto:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 14-12-2021 - 22:00)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 14-12-2021 - 22:00
Published 30-08-2021 - 20:15
Last modified 14-12-2021 - 22:00
Back to Top