CVE-2018-20145 on Ubuntu 18.04 LTS (bionic) - medium.
Description:
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.