*** This bug is a security vulnerability *** Public security bug reported:
If persistence is enabled (as it is by default on Ubuntu), the mosquitto.db file is world readable. This means any local user can access this file and potentially access sensitive data. This is CVE-2017-9868. https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2017-9868 Upstream bug: https://github.com/eclipse/mosquitto/issues/468 This has already been publicly disclosed. ** Affects: mosquitto (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700490 Title: Persistence file is world readable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1700490/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
