N/A

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as though no ACL file has been defined and use a default allow policy. The new behaviour is to have an empty ACL file mean that all access is denied, which is not a useful configuration but is not unexpected.

N/A

预期行为违背

Eclipse Mosquitto 访问控制错误漏洞

Eclipse Mosquitto是Eclipse基金会的一套开源的消息代理软件。 Eclipse Mosquitto 1.0版本至1.5.5版本中存在访问控制错误漏洞，该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。

N/A

N/A