CVE-2018-12550

Published: 27/03/2019 Updated: 28/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in Eclipse Mosquitto could allow an authenticated, remote malicious user to gain unauthorized access to a targeted system. The vulnerability exists when the affected software uses a blank access control list (ACL) file or an ACL file that contains comments or blank lines. An attacker could exploit this vulnerability to gain unauthorized access to a targeted client. A successful exploit could be used to conduct further attacks. Eclipse has confirmed the vulnerability and released software updates.
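
A configuration check for the condition described in the summary, as an added example (not code from this page or from the Mosquitto project): it lists ACL files that a broker configuration references but that hold nothing except comments and blank lines, on a version in the affected list below. Assumptions: the summary's condition is read as "no line other than comments or blank lines", comment lines start with `#`, the ACL file is named by the `acl_file` directive, and `read_acl` and the sample paths and contents are constructed for illustration.

```python
import re

def effective_lines(acl_text):
    """ACL lines that are neither blank nor comments (comment lines start with '#')."""
    return [ln.strip() for ln in acl_text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]

def acl_files_in_conf(conf_text):
    """Paths named by active (uncommented) acl_file directives in a mosquitto.conf body."""
    return re.findall(r"^[ \t]*acl_file[ \t]+(\S.*?)[ \t]*$", conf_text, re.MULTILINE)

def in_affected_range(version):
    """True for versions inside the page's affected list (1.0 through 1.5.5)."""
    parts = tuple(int(p) for p in version.split("."))
    return (1, 0) <= parts <= (1, 5, 5)

def audit(version, conf_text, read_acl):
    """Return configured ACL paths that carry no rules on an affected broker.

    read_acl is a hypothetical callable (path -> file text) so the check
    can run offline against collected configuration.
    """
    if not in_affected_range(version):
        return []
    return [p for p in acl_files_in_conf(conf_text)
            if not effective_lines(read_acl(p))]

# Constructed sample input: one active acl_file directive, one commented out.
SAMPLE_CONF = """\
# listener settings
listener 1883
acl_file /etc/mosquitto/acl_main
#acl_file /etc/mosquitto/acl_old
"""

# Constructed ACL contents: the first holds only comments and blank lines.
SAMPLE_ACLS = {
    "/etc/mosquitto/acl_main": "# TODO: add rules\n\n   \n# topic read sensors/#\n",
    "/etc/mosquitto/acl_ok": "user alice\ntopic read sensors/#\n",
}

if __name__ == "__main__":
    for path in audit("1.5.5", SAMPLE_CONF, SAMPLE_ACLS.__getitem__):
        print("ACL file has no rules on an affected version:", path)
```
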

Affected Products

Vendor: Eclipse
Product: Mosquitto
Versions: 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.90, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5

Vendor Advisories

Debian Bug report logs - #921976
mosquitto: CVE-2018-12546 CVE-2018-12550 CVE-2018-12551
Package: src:mosquitto
Maintainer for src:mosquitto is Roger A Light <roger@atchoo.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 10 Feb 2019 19:57:01 UTC
Severity: grave
Tags: security, upstream
Found ...

Mailing Lists

Debian Security Advisory DSA-4388-1
security@debian.org
www.debian.org/security/
Moritz Muehlenhoff
February 10, 2019
www.debian.org/security/faq ...