Main Vulnerability Database Vulnerabilities #VU17464

Permissions, Privileges, and Access Controls in Eclipse Mosquitto - CVE-2018-12546

Published: February 11, 2019

Vulnerability identifier: #VU17464

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-12546

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Eclipse

Affected software:
Eclipse Mosquitto

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to potentially sensitive information.

The vulnerability exists due to an error when messages were still delivered to clients after their access to topic was revoked. A remote authenticated user was able to obtain potentially sensitive information.

How to mitigate CVE-2018-12546

Install updates from vendor's website.

Sources

https://mosquitto.org/blog/2019/02/version-1-5-6-released/

Permissions, Privileges, and Access Controls in Eclipse Mosquitto - CVE-2018-12546

Detailed vulnerability description

How to mitigate CVE-2018-12546

Sources

Please verify you're human