N/A

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.

N/A

授权机制不恰当

Eclipse Mosquitto 授权问题漏洞

Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto 存在安全漏洞，该漏洞源于在Eclipse mosquito 2.0到2.0.11版本中，当使用动态安全插件时，如果在持久客户端离线时取消客户端订阅主题的能力，则不会取消该客户端的现有订阅。

N/A

N/A