CVE-2018-12546
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed.
En Eclipse Mosquitto, desde la versión 1.0 hasta la 1.5.5 (incluidas), cuando un cliente publica un mensaje retenido en un tema y luego se le niega el acceso a dicho tema, el mensaje retenido se publicará de todas formas a los clientes que se suscriban a ese tema en el futuro. En algunas aplicaciones, esto podría resultar en que los clientes sean capaces de provocar efectos que no les están permitidos de otra forma.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-18 CVE Reserved
- 2019-02-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=543127 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eclipse Search vendor "Eclipse" | Mosquitto Search vendor "Eclipse" for product "Mosquitto" | >= 1.0 <= 1.5.5 Search vendor "Eclipse" for product "Mosquitto" and version " >= 1.0 <= 1.5.5" | - |
Affected
| ||||||