Unrated severityOSV Advisory· Published Dec 13, 2018· Updated Aug 5, 2024

CVE-2018-20145

Description

Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.

Affected products

Eclipse Mosquitto/MosquittoOSV
Range: v1.4.1, v1.4.10, v1.4.11, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/eclipse/mosquitto/blob/master/ChangeLog.txtmitrex_refsource_MISC
github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4mitrex_refsource_MISC
github.com/eclipse/mosquitto/issues/1073mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000