#VU17464 Permissions, Privileges, and Access Controls in Eclipse Mosquitto - CVE-2018-12546
Published: February 11, 2019
Vulnerability identifier: #VU17464
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12546
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Eclipse Mosquitto
Eclipse Mosquitto
Software vendor:
Eclipse
Eclipse
Description
The vulnerability allows a remote authenticated user to gain access to potentially sensitive information.
The vulnerability exists due to an error when messages were still delivered to clients after their access to topic was revoked. A remote authenticated user was able to obtain potentially sensitive information.
Remediation
Install updates from vendor's website.