CVE-2018-20145

Published December 13th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.

eclipse-mosquitto/mosquitto

Eclipse Mosquitto - An open source MQTT broker

GitHub

10.9K