CVE-2021-34434 details.
This commit is contained in:
Roger A. Light
parent
37b5aedcb6
commit
06c84aeb66
@ -14,7 +14,7 @@ Security:
|
||||
remotely accessible listener to be opened that was not confined to the local
|
||||
machine but did have anonymous access enabled, contrary to the
|
||||
documentation. This has been fixed. Closes #2283.
|
||||
- If a plugin had granted ACL subscription access to a
|
||||
- CVE-2021-34434: If a plugin had granted ACL subscription access to a
|
||||
durable/non-clean-session client, then removed that access, the client would
|
||||
keep its existing subscription. This has been fixed.
|
||||
- Incoming QoS 2 messages that had not completed the QoS flow were not being
|
||||
|
||||
@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it.
|
||||
Listed with most recent first. Further information on security related issues
|
||||
can be found in the [security category].
|
||||
|
||||
* August 2021: [CVE-2021-34434] Affecting versions **2.0.0** to **2.0.11**
|
||||
inclusive, fixed in **2.0.12**.
|
||||
* April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9**
|
||||
inclusive, fixed in **2.0.10**.
|
||||
* December 2020: Running mosquitto_passwd with the following arguments only
|
||||
@ -69,6 +71,7 @@ can be found in the [security category].
|
||||
[Eclipse Security]: https://www.eclipse.org/security/
|
||||
[security category]: /blog/categories/security/
|
||||
|
||||
[CVE-2021-34434]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34434
|
||||
[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
|
||||
[CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779
|
||||
[CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778
|
||||
|
||||
Loading…
Reference in New Issue
Block a user