Eclipse Mosquitto 1.5.x prior to 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse mosquitto |