Homepage
About Snyk

org.eclipse.hono:hono-adapter-amqp-vertx@1.4.4 vulnerabilities

  • latest version

    1.12.3

  • latest non vulnerable version

    1.12.3

  • first published

    6 years ago

  • latest version published

    2 years ago

  • licenses detected

  • package manager

    View on Maven Repository
Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.eclipse.hono:hono-adapter-amqp-vertx package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authorization

Affected versions of this package are vulnerable to Improper Authorization. The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.

How to fix Improper Authorization?

Upgrade org.eclipse.hono:hono-adapter-amqp-vertx to version 1.4.5, 1.5.1 or higher.

[1.4.0,1.4.5) [1.5.0,1.5.1)
Go back to all versions of this package