{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-34434", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "dateUpdated": "2024-08-04T00:12:50.159Z", "dateReserved": "2021-06-09T00:00:00", "datePublished": "2021-08-30T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2023-10-02T11:06:28.988133"}, "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked."}], "affected": [{"vendor": "The Eclipse Foundation", "product": "Eclipse Mosquitto", "versions": [{"version": "2.0", "status": "affected", "lessThan": "unspecified", "versionType": "custom"}, {"version": "unspecified", "lessThanOrEqual": "2.0.11", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324"}, {"name": "FEDORA-2021-aee8f32946", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2/"}, {"name": "FEDORA-2021-dc6df3744a", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/"}, {"name": "DSA-5511", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5511"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-285: Improper Authorization", "cweId": "CWE-285"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:12:50.159Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324", "tags": ["x_transferred"]}, {"name": "FEDORA-2021-aee8f32946", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2/"}, {"name": "FEDORA-2021-dc6df3744a", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/"}, {"name": "DSA-5511", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5511"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "07853BAC-AF86-4FF4-B0DB-FC0B91EE1E28", "versionEndIncluding": "2.0.11", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked."}, {"lang": "es", "value": "En Eclipse Mosquitto versiones 2.0 hasta 2.0.11, cuando se usa el plugin de seguridad din\u00e1mica, si se revoca la habilidad de un cliente para realizar suscripciones en un tema cuando un cliente duradero est\u00e1 fuera de l\u00ednea, las suscripciones existentes para ese cliente no son revocadas."}], "id": "CVE-2021-34434", "lastModified": "2024-11-21T06:10:24.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-30T20:15:07.363", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2/"}, {"source": "emo@eclipse.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/"}, {"source": "emo@eclipse.org", "url": "https://www.debian.org/security/2023/dsa-5511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5511"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}