Vulnerability Reporteclipse-mosquitto:2.0.17

eclipse-mosquitto:2.0.17

DIGESTsha256:d30913b55488ffb6f5f15eea27c2aca4e38d862b62b13c758f756c77e2acd173

Executive Summary

Threat ScoreNEEDS ATTENTION• Official Docker image with pinned digest ensures integrity and trust.• Only one exposed vulnerability (CVE-2023-50471) with severity 6.0, related to cJSON parsing.• No high-severity exposed vulnerabilities; max severity is 6.0.• All 27 post-exploit vulnerabilities are low severity (max 3.57), with no high-severity findings.

25/100NEEDS ATTENTION

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The main vulnerability CVE-2023-50471 could cause a denial of service if the container processes untrusted JSON input. Since Mosquitto may use JSON for MQTT v5 properties, this risk is plausible. However, the official image and pinned digest offer strong supply chain security. Overall, the risk is manageable with proper network segmentation and input validation.

Vulnerabilities

Vulnerability Log

40 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-50471	MEDIUM6	cjson 1.7.15-r4 fixed in 1.7.17-r0	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-26519	MEDIUM5.95	musl 1.2.4-r1 fixed in 1.2.4-r3	0.3% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM5.5	libcrypto3 3.1.2-r0 fixed in 3.1.4-r5	3.2% Low-Moderate Risk	Directly Exposed
CVE-2024-0727	MEDIUM5.5	libssl3 3.1.2-r0 fixed in 3.1.4-r5	3.2% Low-Moderate Risk	Directly Exposed
CVE-2023-50472	MEDIUM5.1	cjson 1.7.15-r4 fixed in 1.7.17-r0	1.0% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-5535	MEDIUM4.72	libcrypto3 3.1.2-r0 fixed in 3.1.6-r0	5.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-5535	MEDIUM4.72	libssl3 3.1.2-r0 fixed in 3.1.6-r0	5.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-13176	MEDIUM4	libcrypto3 3.1.2-r0 fixed in 3.1.8-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl3 3.1.2-r0 fixed in 3.1.8-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-2511	LOW3.85	libcrypto3 3.1.2-r0 fixed in 3.1.4-r6	54.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2024-2511	LOW3.85	libssl3 3.1.2-r0 fixed in 3.1.4-r6	54.0% Actively Exploited	Directly ExposedContext importance: MEDIUM
CVE-2024-9143	LOW3.7	libcrypto3 3.1.2-r0 fixed in 3.1.7-r1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2024-9143	LOW3.7	libssl3 3.1.2-r0 fixed in 3.1.7-r1	6.0% Low-Moderate Risk	Directly Exposed
CVE-2025-26519	LOW3.57	musl-utils 1.2.4-r1 fixed in 1.2.4-r3	0.3% Theoretical Threat	Post-Exploit
CVE-2024-6119	LOW3.51	libcrypto3 3.1.2-r0 fixed in 3.1.7-r0	66.6% Actively Exploited	Post-Exploit
CVE-2024-6119	LOW3.51	libssl3 3.1.2-r0 fixed in 3.1.7-r0	66.6% Actively Exploited	Post-Exploit
CVE-2023-42363	LOW2.8	busybox 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox 1.36.1-r2 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	busybox-binsh 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox-binsh 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox-binsh 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox-binsh 1.36.1-r2 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	ssl_client 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	ssl_client 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	ssl_client 1.36.1-r2 fixed in 1.36.1-r7	0.4% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	ssl_client 1.36.1-r2 fixed in 1.36.1-r6	0.4% Theoretical Threat	Post-Exploit
CVE-2023-5363	LOW2.7	libcrypto3 3.1.2-r0 fixed in 3.1.4-r0	3.3% Low-Moderate Risk	Post-Exploit
CVE-2023-5363	LOW2.7	libssl3 3.1.2-r0 fixed in 3.1.4-r0	3.3% Low-Moderate Risk	Post-Exploit
CVE-2023-6129	LOW2.34	libcrypto3 3.1.2-r0 fixed in 3.1.4-r3	2.3% Low-Moderate Risk	Post-Exploit
CVE-2023-6129	LOW2.34	libssl3 3.1.2-r0 fixed in 3.1.4-r3	2.3% Low-Moderate Risk	Post-Exploit
CVE-2023-6237	LOW2.12	libcrypto3 3.1.2-r0 fixed in 3.1.4-r4	2.3% Low-Moderate Risk	Post-Exploit
CVE-2023-6237	LOW2.12	libssl3 3.1.2-r0 fixed in 3.1.4-r4	2.3% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	libcrypto3 3.1.2-r0 fixed in 3.1.6-r0	2.9% Low-Moderate Risk	Post-Exploit
CVE-2024-4741	LOW2.02	libssl3 3.1.2-r0 fixed in 3.1.6-r0	2.9% Low-Moderate Risk	Post-Exploit
CVE-2023-5678	LOW1.91	libcrypto3 3.1.2-r0 fixed in 3.1.4-r1	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-4603	LOW1.91	libcrypto3 3.1.2-r0 fixed in 3.1.5-r0	1.1% Low-Moderate Risk	Post-Exploit
CVE-2023-5678	LOW1.91	libssl3 3.1.2-r0 fixed in 3.1.4-r1	4.5% Low-Moderate Risk	Post-Exploit
CVE-2024-4603	LOW1.91	libssl3 3.1.2-r0 fixed in 3.1.5-r0	1.1% Low-Moderate Risk	Post-Exploit