CVE-2015-5070

Published: Sep 26, 2017Modified: May 13, 2026

3.1

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.6 / Impact: 1.4

Source: NVD

Description

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

Affected (4)

Products: Wesnoth: Battle For Wesnoth · Fedoraproject: Fedora

1 product

Battle For Wesnoth

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wesnoth Battle For Wesnoth	Up to 1.12.2
Wesnoth Battle For Wesnoth	Version 1.13.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/25/12

Source: cve@mitre.org

Mailing ListPatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/75425

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1236010

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.12.4

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.13.1

Source: cve@mitre.org

Release NotesThird Party Advisory

https://gna.org/bugs/?23504

Source: cve@mitre.org

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/06/25/12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/75425

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1236010

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party AdvisoryVDB Entry

https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.12.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/wesnoth/wesnoth/releases/tag/1.13.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://gna.org/bugs/?23504

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.