CVE-2018-12546 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12546 Interim 1 15 2023-09-07T00:35:03Z current 2021-05-30T14:14:31Z 2023-09-07T00:35:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12546 In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-updates/2019-02/msg00125.html E-Mail link for openSUSE-SU-2019:0233-1 https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00056.html E-Mail link for openSUSE-SU-2019:0237-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed libmosquitto1-1.4.15-bp150.3.3.1 libmosquitto1-1.4.15-lp150.2.3.1 libmosquitto1-2.0.11-1.2 libmosquittopp1-1.4.15-bp150.3.3.1 libmosquittopp1-1.4.15-lp150.2.3.1 libmosquittopp1-2.0.11-1.2 mosquitto-1.4.15-bp150.3.3.1 mosquitto-1.4.15-lp150.2.3.1 mosquitto-2.0.11-1.2 mosquitto-clients-1.4.15-bp150.3.3.1 mosquitto-clients-1.4.15-lp150.2.3.1 mosquitto-clients-2.0.11-1.2 mosquitto-devel-1.4.15-bp150.3.3.1 mosquitto-devel-1.4.15-lp150.2.3.1 mosquitto-devel-2.0.11-1.2 libmosquitto1-1.4.15-bp150.3.3.1 as a component of SUSE Package Hub 15 libmosquittopp1-1.4.15-bp150.3.3.1 as a component of SUSE Package Hub 15 mosquitto-1.4.15-bp150.3.3.1 as a component of SUSE Package Hub 15 mosquitto-clients-1.4.15-bp150.3.3.1 as a component of SUSE Package Hub 15 mosquitto-devel-1.4.15-bp150.3.3.1 as a component of SUSE Package Hub 15 libmosquitto1-1.4.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 libmosquittopp1-1.4.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 mosquitto-1.4.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 mosquitto-clients-1.4.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 mosquitto-devel-1.4.15-lp150.2.3.1 as a component of openSUSE Leap 15.0 libmosquitto1-2.0.11-1.2 as a component of openSUSE Tumbleweed libmosquittopp1-2.0.11-1.2 as a component of openSUSE Tumbleweed mosquitto-2.0.11-1.2 as a component of openSUSE Tumbleweed mosquitto-clients-2.0.11-1.2 as a component of openSUSE Tumbleweed mosquitto-devel-2.0.11-1.2 as a component of openSUSE Tumbleweed In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. CVE-2018-12546 SUSE Package Hub 15:libmosquitto1-1.4.15-bp150.3.3.1 SUSE Package Hub 15:libmosquittopp1-1.4.15-bp150.3.3.1 SUSE Package Hub 15:mosquitto-1.4.15-bp150.3.3.1 SUSE Package Hub 15:mosquitto-clients-1.4.15-bp150.3.3.1 SUSE Package Hub 15:mosquitto-devel-1.4.15-bp150.3.3.1 openSUSE Leap 15.0:libmosquitto1-1.4.15-lp150.2.3.1 openSUSE Leap 15.0:libmosquittopp1-1.4.15-lp150.2.3.1 openSUSE Leap 15.0:mosquitto-1.4.15-lp150.2.3.1 openSUSE Leap 15.0:mosquitto-clients-1.4.15-lp150.2.3.1 openSUSE Leap 15.0:mosquitto-devel-1.4.15-lp150.2.3.1 openSUSE Tumbleweed:libmosquitto1-2.0.11-1.2 openSUSE Tumbleweed:libmosquittopp1-2.0.11-1.2 openSUSE Tumbleweed:mosquitto-2.0.11-1.2 openSUSE Tumbleweed:mosquitto-clients-2.0.11-1.2 openSUSE Tumbleweed:mosquitto-devel-2.0.11-1.2 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N