CVE-2018-12546 is a vulnerability in Eclipse Mosquitto
Published on March 27, 2019
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2018-12546 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2018-12546
Want to know whenever a new CVE is published for Eclipse Mosquitto? stack.watch will email you.
Affected Versions
The Eclipse Foundation Eclipse Mosquitto:- Version 1.0 and below unspecified is affected.
- Version unspecified, <= 1.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.