CVE-2017-7650 - Vulnerability Details - OpenCVE

In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Eclipse	Mosquitto

Configuration 1 [-]

cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
http://www.debian.org/security/2017/dsa-3865
http://www.securityfocus.com/bid/98741
https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2017-09-11T16:00:00Z

Updated: 2024-09-16T20:43:01.173Z

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7650

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-09-11T16:29:00.260

Modified: 2024-11-21T03:32:22.643

Link: CVE-2017-7650

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Mosquitto", "vendor": "Eclipse Foundation", "versions": [{"status": "affected", "version": "0.15 to 1.4.11 inclusive"}]}], "datePublic": "2017-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."}], "problemTypes": [{"descriptions": [{"description": "loss of confidentiality", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"}, {"name": "98741", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98741"}, {"name": "DSA-3865", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3865"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "DATE_PUBLIC": "2017-05-29T00:00:00", "ID": "CVE-2017-7650", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mosquitto", "version": {"version_data": [{"version_value": "0.15 to 1.4.11 inclusive"}]}}]}, "vendor_name": "Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "loss of confidentiality"}]}]}, "references": {"reference_data": [{"name": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/", "refsource": "CONFIRM", "url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"}, {"name": "98741", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98741"}, {"name": "DSA-3865", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3865"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:12:27.700Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"}, {"name": "98741", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98741"}, {"name": "DSA-3865", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3865"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7650", "datePublished": "2017-09-11T16:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T20:43:01.173Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", "matchCriteriaId": "E80E733B-BD63-4B8E-88FE-11243F5BA437", "versionEndExcluding": "1.4.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto."}, {"lang": "es", "value": "En Mosquitto en versiones anteriores a la 1.4.12, las listas de control de acceso (ACL) basadas en patrones pueden ser omitidas por clientes que establecen su ID de nombre de usuario/cliente como '#' o '+'. Esto permite que los clientes conectados de forma local o remota accedan a temas MQTT a los que no tienen derecho de acceso. Este mismo problema tambi\u00e9n podr\u00eda estar presente en plugins de control de autenticaci\u00f3n/acceso para Mosquitto."}], "id": "CVE-2017-7650", "lastModified": "2024-11-21T03:32:22.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-11T16:29:00.260", "references": [{"source": "emo@eclipse.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3865"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98741"}, {"source": "emo@eclipse.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=516765"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}