mosquitto/www/pages/security.md
2022-08-16 16:00:12 +01:00


Reporting security vulnerabilities

If you think you have found a security vulnerability in Mosquitto, please follow the steps on the Eclipse Security page to report it.

Past vulnerabilities

Listed with most recent first. Further information on security related issues can be found in the security category.

  • August 2022: Deleting the anonymous group in the dynamic security plugin could lead to a crash. Affecting versions 2.0.0 to 2.0.14 inclusive, fixed in 2.0.15.
  • August 2021: CVE-2021-34434 Affecting versions 2.0.0 to 2.0.11 inclusive, fixed in 2.0.12.
  • April 2021: CVE-2021-28166 Affecting versions 2.0.0 to 2.0.9 inclusive, fixed in 2.0.10.
  • December 2020: Running mosquitto_passwd with only the arguments mosquitto_passwd -b password_file username password would cause the username to be used as the password. Affecting versions 2.0.0 to 2.0.2 inclusive, fixed in 2.0.3.
  • September 2019: CVE-2019-11779. Affecting versions 1.5 to 1.6.5 inclusive, fixed in 1.6.6 and 1.5.9. More details at version-166-released.
  • September 2019: CVE-2019-11778. Affecting versions 1.6 to 1.6.4 inclusive, fixed in 1.6.5. More details at version-166-released.
  • April 2019: No CVE assigned. Affecting versions 1.6 and 1.6.1, fixed in 1.6.2. More details at version-162-released.
  • December 2018: CVE-2018-20145. Affecting versions 1.5 to 1.5.4 inclusive, fixed in 1.5.5. More details at version-155-released.
  • November 2018: No CVE assigned. Affecting versions 1.4 to 1.5.3 inclusive, fixed in 1.5.4. More details at version-154-released.
  • September 2018: CVE-2018-12543 affecting versions 1.5 to 1.5.2 inclusive, fixed in 1.5.3.
  • April 2018: CVE-2017-7655 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5.
  • April 2018: CVE-2017-7654 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5. More details at security-advisory-cve-2017-7653-cve-2017-7654.
  • April 2018: CVE-2017-7653 affecting versions 1.0 to 1.4.15 inclusive, fixed in 1.5.
  • February 2018: CVE-2017-7651 affecting versions 0.15 to 1.4.14 inclusive, fixed in 1.4.15. More details at security-advisory-cve-2017-7651-cve-2017-7652.
  • February 2018: CVE-2017-7652 affecting versions 1.0 to 1.4.14 inclusive, fixed in 1.4.15. More details at security-advisory-cve-2017-7651-cve-2017-7652.
  • June 2017: CVE-2017-9868 affecting versions 0.15 to 1.4.12 inclusive, fixed in 1.4.13. More details at security-advisory-cve-2017-9868.
  • May 2017: CVE-2017-7650 affecting versions 0.15 to 1.4.11 inclusive, fixed in 1.4.12. More details at security-advisory-cve-2017-7650.