CVE-2018-12550 is a vulnerability in Eclipse Mosquitto
Published on March 27, 2019
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.
Weakness Type
Expected Behavior Violation
A feature, API, or function does not perform according to its specification.
Products Associated with CVE-2018-12550
Want to know whenever a new CVE is published for Eclipse Mosquitto? stack.watch will email you.
Affected Versions
The Eclipse Foundation Eclipse Mosquitto:- Version 1.0 and below unspecified is affected.
- Version unspecified, <= 1.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.