Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-12546

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 27 ΠΌΠ°Ρ€. 2019
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 4
CVSS3: 6.5

ОписаниС

In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

1.4.15-2ubuntu0.18.04.1
cosmic

released

1.4.15-2ubuntu0.18.10.1
devel

not-affected

1.5.6-1
disco

not-affected

1.5.6-1
esm-apps/bionic

released

1.4.15-2ubuntu0.18.04.1
esm-apps/xenial

released

1.4.8-1ubuntu0.16.04.5
esm-infra-legacy/trusty

not-affected

code not present
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

not-affected

code not present

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 48%
0.00252
Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

БвязанныС уязвимости

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-12546

CVSS3: 6.5
nvd
ΠΏΠΎΡ‡Ρ‚ΠΈ 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-12546

CVSS3: 6.5
debian
ΠΏΠΎΡ‡Ρ‚ΠΈ 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client pu ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-mx88-h56f-w25v

CVSS3: 6.5
github
большС 3 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2020-03296

CVSS3: 6.5
fstec
ΠΎΠΊΠΎΠ»ΠΎ 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Π±Ρ€ΠΎΠΊΠ΅Ρ€Π° сообщСний EclipseΒ Mosquitto, связанная с нСдостатками разграничСния доступа, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ ΠΏΠΎΠ»ΡƒΡ‡ΠΈΡ‚ΡŒ нСсанкционированный доступ ΠΊ Π·Π°Ρ‰ΠΈΡ‰Π°Π΅ΠΌΠΎΠΉ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ

suse-cvrf Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

openSUSE-SU-2019:0233-1

suse-cvrf
ΠΏΠΎΡ‡Ρ‚ΠΈ 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Security update for mosquitto

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 48%
0.00252
Низкий

4 Medium

CVSS2

6.5 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2018-12546