6.8
CVSSv2

CVE-2018-12550

Published: 27/03/2019 Updated: 28/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 664
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in Eclipse Mosquitto could allow an authenticated, remote malicious user to gain unauthorized access to a targeted system. The vulnerability exists when the affected software uses a blank access control list (ACL) file or an ACL file that contains comments or blank lines. An attacker could exploit this vulnerability to gain unauthorized access to a targeted client. A successful exploit could be used to conduct further attacks. Eclipse has confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
EclipseMosquitto1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.90, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4388-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff February 10, 2019 wwwdebianorg/security/faq ...