Red Hat Bugzilla – Bug 1464946
CVE-2017-9868 mosquitto: World-readable persistence file possibly leaking sensitive information
Last modified: 2017-08-22 08:35:15 EDT
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
Created mosquitto tracking bugs for this issue:
Affects: epel-7 [bug 1464947]
Affects: fedora-all [bug 1464948]