Количество 6
Количество 6
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
CVE-2018-12550
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...
GHSA-5cgw-j2m3-gxhw
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
BDU:2020-03295
Уязвимость брокера сообщений Eclipse Mosquitto, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
openSUSE-SU-2019:0233-1
Security update for mosquitto
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-12550 When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | CVSS3: 8.1 | 0% Низкий | почти 7 лет назад |
 | CVE-2018-12550 When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | CVSS3: 8.1 | 0% Низкий | почти 7 лет назад |
| CVE-2018-12550 When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ... | CVSS3: 8.1 | 0% Низкий | почти 7 лет назад |
| GHSA-5cgw-j2m3-gxhw When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected. | CVSS3: 8.1 | 0% Низкий | больше 3 лет назад |
 | BDU:2020-03295 Уязвимость брокера сообщений Eclipse Mosquitto, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 8.1 | 0% Низкий | около 7 лет назад |
 | openSUSE-SU-2019:0233-1 Security update for mosquitto | почти 7 лет назад |
Уязвимостей на страницу