Lucene search

K
cvelistEclipseCVELIST:CVE-2021-34434
HistoryAug 30, 2021 - 12:00 a.m.

CVE-2021-34434

2021-08-3000:00:00
CWE-285
eclipse
www.cve.org
2

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.6%

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

CNA Affected

[
  {
    "vendor": "The Eclipse Foundation",
    "product": "Eclipse Mosquitto",
    "versions": [
      {
        "version": "2.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.0.11",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

54.6%