Summary: | Mosquitto Windows Service Unquoted Path vulnerability | ||||||
---|---|---|---|---|---|---|---|
Product: | Community | Reporter: | Josh Tanski <JTanski> | ||||
Component: | Vulnerability Reports | Assignee: | Security vulnerabilitied reported against Eclipse projects <vulnerability.reports-inbox> | ||||
Status: | RESOLVED FIXED | QA Contact: | |||||
Severity: | normal | ||||||
Priority: | P3 | CC: | JTanski, roger, wayne.beaton | ||||
Version: | unspecified | Keywords: | security | ||||
Target Milestone: | --- | ||||||
Hardware: | PC | ||||||
OS: | Windows All | ||||||
Whiteboard: | |||||||
Attachments: |
|
Thank you, we've now released an installer which fixes this. |
Created attachment 283738 [details] Screenshot showing unquoted path to executable Ran mosquitto-1.6.10a-install-windows-x64.exe on a fresh Windows Server 2019 install. Mosquitto Broker service was installed, but path is unquoted and contains space, installer should be fixed to put path in quotes to fix this Windows Service Unquoted Path vulnerability. Screenshot attached - Path to executable C:\Program Files\mosquitto\mosquitto.exe run should be replaced with something like "C:\Program Files\mosquitto\mosquitto.exe" run