Download
| Alert*
|
oval:org.secpod.oval:def:1800859
A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:112445 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:1800661 A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:1800653 A vulnerability exists in Mosquitto versions 0.15 to 1.4.11. Pattern based ACLs can be bypassed by clients that set their username/client id to # or +. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third part ... oval:org.secpod.oval:def:112441 Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors ... oval:org.secpod.oval:def:602907 It was discovered that pattern-based ACLs in the Mosquitto MQTT broker could be bypassed. |
