Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-12550

Опубликовано: 27 мар. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.1

Описание

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

РелизСтатусПримечание
bionic

released

1.4.15-2ubuntu0.18.04.1
cosmic

released

1.4.15-2ubuntu0.18.10.1
devel

not-affected

1.5.6-1
disco

not-affected

1.5.6-1
eoan

not-affected

1.5.6-1
esm-apps/bionic

released

1.4.15-2ubuntu0.18.04.1
esm-apps/focal

not-affected

1.5.6-1
esm-apps/jammy

not-affected

1.5.6-1
esm-apps/noble

not-affected

1.5.6-1
esm-apps/xenial

released

1.4.8-1ubuntu0.16.04.5

Показывать по

Ссылки на источники

EPSS

Процентиль: 64%
0.0047
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-12550

CVSS3: 8.1
nvd
почти 7 лет назад

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

debian логотип

CVE-2018-12550

CVSS3: 8.1
debian
почти 7 лет назад

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...

github логотип

GHSA-5cgw-j2m3-gxhw

CVSS3: 8.1
github
больше 3 лет назад

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

fstec логотип

BDU:2020-03295

CVSS3: 8.1
fstec
около 7 лет назад

Уязвимость брокера сообщений Eclipse Mosquitto, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

suse-cvrf логотип

openSUSE-SU-2019:0233-1

suse-cvrf
почти 7 лет назад

Security update for mosquitto

EPSS

Процентиль: 64%
0.0047
Низкий

6.8 Medium

CVSS2

8.1 High

CVSS3