Persistence file is world readable
Bug #1700490 reported by
Roger Light
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mosquitto (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
If persistence is enabled (as it is by default on Ubuntu), the mosquitto.db file is world readable.
This means any local user can access this file and potentially access sensitive data.
This is CVE-2017-9868. https:/
Upstream bug: https:/
This has already been publicly disclosed.
CVE References
information type: | Private Security → Public Security |
To post a comment you must log in.
Artful is also affected, but I'm going to fix that with a new upstream release.