Home

CVE-2021-34434

Description

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.363

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2021-34434,CVE-2021-41039 are affected in Mosquitto 2.0.11Windows
Vulnerabilities CVE-2021-34434 are fixed in Eclipse Mosquitto MQTT broker (2.0.18)Windows
Vulnerabilities CVE-2021-34434 are fixed in Eclipse Mosquitto MQTT broker (x64) (2.0.18)Windows
MQTT version 3.1/3.1.1 compatible message broker (USN-6492-1) mosquitto_2.0.11-1ubuntu1.1_amd64.debLinux
MQTT version 3.1/3.1.1 compatible message broker (USN-6492-1) mosquitto_2.0.11-1.2ubuntu0.1_amd64.debLinux
mosquitto security update(DSA-5511-1) mosquitto_2.0.11-1+deb11u1_i386.debLinux
mosquitto security update(DSA-5511-1) mosquitto_2.0.11-1+deb11u1_amd64.debLinux
mosquitto security update(DSA-5511-1) mosquitto_2.0.11-1.2+deb12u1_i386.debLinux
mosquitto security update(DSA-5511-1) mosquitto_2.0.11-1.2+deb12u1_amd64.debLinux
Incorrect Authorization Vulnerability (CVE-2021-34434)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-333302Eclipse Mosquitto MQTT broker (2.0.18)
PATCH-333303Eclipse Mosquitto MQTT broker (x64) (2.0.18)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234