CVE-2018-20145 is a vulnerability in Eclipse Mosquitto
Published on December 13, 2018
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
Products Associated with CVE-2018-20145
Want to know whenever a new CVE is published for Eclipse Mosquitto? stack.watch will email you.
Exploit Probability
EPSS
0.21%
Percentile
43.64%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.