Vulnerabilities > Eclipse > Mosquitto > 1.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-27 | CVE-2018-12546 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. | 6.5 |
| 2018-12-13 | CVE-2018-20145 | Incorrect Permission Assignment for Critical Resource vulnerability in Eclipse Mosquitto Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. | 7.5 |