ubuntucve | Ubuntu.com | UB:CVE-2018-12546
History: Mar 27, 2019 - 12:00 a.m.

CVE-2018-12546


CVSS2: 4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 18.1%

In Eclipse Mosquitto versions 1.0 to 1.5.5 (inclusive), when a client
publishes a retained message to a topic and then has its access to that topic
revoked, the retained message will still be published to clients that
subscribe to that topic in the future. In some applications this may result
in clients being able to cause effects that would otherwise not be allowed.

Bugs

Notes

Author: ebarretto
Note: mosquitto’s version on Trusty is EOL. The first patch introduced a regression, please see bug below: https://bugs.launchpad.net/bugs/1815695

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | mosquitto | < 1.4.15-2ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 18.10 | noarch | mosquitto | < 1.4.15-2ubuntu0.18.10.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | mosquitto | < 1.4.8-1ubuntu0.16.04.5 | UNKNOWN |
