CVE-2017-9868

CVE-2017-9868

EPSS 0.4%

In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/eclipse/mosquitto/issues/468 https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html