CVE-2015-5069

Published: Sep 26, 2017Modified: May 13, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

Affected (4)

Products: Wesnoth: Battle For Wesnoth · Fedoraproject: Fedora

1 product

Battle For Wesnoth

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wesnoth Battle For Wesnoth	Up to 1.12.2
Wesnoth Battle For Wesnoth	Version 1.13.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/25/12

Source: cve@mitre.org

Mailing ListPatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/75424

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1236010

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.12.3

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.13.1

Source: cve@mitre.org

Release NotesThird Party Advisory

https://gna.org/bugs/?23504

Source: cve@mitre.org

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/25/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/75424

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1236010

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.12.3

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.13.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://gna.org/bugs/?23504

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.