Eclipse: >> Mosquitto >> 1.5.4 Security Vulnerabilities
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-12-13
Page 2