QwikSec

Security Database

CVE

CWE

Training

CVE-2021-34434

Published: Aug 30, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

Vendor	Product	Versions
The Eclipse Foundation	Eclipse Mosquitto	affected `2.0 - < unspecified` affected `unspecified - <= 2.0.11`

Weaknesses (CWE)

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324

FEDORA-2021-aee8f32946

vendor-advisory

FEDORA-2021-dc6df3744a

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.