CVE-2015-5069
MEDIUMBattle For Wesnoth < 1.12.2 - Information Disclosure
Title source: ruleDescription
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
References (9)
Core 9
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/wesnoth/wesnoth/releases/tag/1.13.1
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1236010
Patch, Third Party Advisory x_refsource_confirm
https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html
Broken Link x_refsource_misc
https://gna.org/bugs/?23504
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75424
Mailing List, Patch, Third Party Advisory, VDB Entry mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/25/12
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/wesnoth/wesnoth/releases/tag/1.12.3
Scores
CVSS v3
4.3
EPSS
0.0067
EPSS Percentile
71.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
fedoraproject/fedora
21
fedoraproject/fedora
22
wesnoth/battle_for_wesnoth
1.13.0
wesnoth/battle_for_wesnoth
< 1.12.2
Published
Sep 26, 2017
Tracked Since
Feb 18, 2026