Vulnerability Name:

CVE-2015-0844 (CCN-102957)

Assigned:2015-01-07
Published:2015-01-07
Updated:2016-06-28
Summary:The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2015-0844

Source: CONFIRM
Type: Vendor Advisory
http://forums.wesnoth.org/viewtopic.php?t=41870

Source: CCN
Type: Wesnoth forums Web site [04-11-2015]
[IMPORTANT] Security advisory for Wesnoth 1.7.xâ??1.12.x

Source: CONFIRM
Type: Vendor Advisory
http://forums.wesnoth.org/viewtopic.php?t=41872

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-6108

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-6280

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-6295

Source: DEBIAN
Type: UNKNOWN
DSA-3218

Source: XF
Type: UNKNOWN
battleforwesnoth-cve20150844-info-disc(102957)

Source: CCN
Type: Debian Security Advisory DSA-3218-1
DSA-3218-1 wesnoth-1.10 -- security update

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0844

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wesnoth:battle_for_wesnoth:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.8:beta1:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.9:beta2:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.10-1.8:beta3:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.11-1.8:beta4:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.12-1.8:beta5:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.13-1.8:beta6:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.14-1.8:beta7:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.7.15-1.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.13:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.9.14:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.6:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.7:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.8:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.9:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.10:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.11:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.12:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.13:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.14:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.15:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.16:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.17:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.18:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.11.19:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:wesnoth:battle_for_wesnoth:1.12.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:22:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:wesnoth:battle_for_wesnoth:1.12.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:113579
    P
    		wesnoth-1.12.6-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106965
    P
    		wesnoth-1.12.6-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.cisecurity:def:194
    P
    		DSA-3218-1 -- wesnoth-1.10 -- security update
    2016-02-08
    oval:com.ubuntu.precise:def:20150844000
    V
    		CVE-2015-0844 on Ubuntu 12.04 LTS (precise) - medium.
    2015-04-14
    oval:com.ubuntu.trusty:def:20150844000
    V
    		CVE-2015-0844 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-04-14
    BACK
    wesnoth battle for wesnoth 1.7.0
    wesnoth battle for wesnoth 1.7.1
    wesnoth battle for wesnoth 1.7.2
    wesnoth battle for wesnoth 1.7.3
    wesnoth battle for wesnoth 1.7.4
    wesnoth battle for wesnoth 1.7.5
    wesnoth battle for wesnoth 1.7.6
    wesnoth battle for wesnoth 1.7.7
    wesnoth battle for wesnoth 1.7.8 beta1
    wesnoth battle for wesnoth 1.7.9 beta2
    wesnoth battle for wesnoth 1.7.10-1.8 beta3
    wesnoth battle for wesnoth 1.7.11-1.8 beta4
    wesnoth battle for wesnoth 1.7.12-1.8 beta5
    wesnoth battle for wesnoth 1.7.13-1.8 beta6
    wesnoth battle for wesnoth 1.7.14-1.8 beta7
    wesnoth battle for wesnoth 1.7.15-1.8 rc1
    wesnoth battle for wesnoth 1.8.0
    wesnoth battle for wesnoth 1.9.0
    wesnoth battle for wesnoth 1.9.1
    wesnoth battle for wesnoth 1.9.2
    wesnoth battle for wesnoth 1.9.3
    wesnoth battle for wesnoth 1.9.4
    wesnoth battle for wesnoth 1.9.5
    wesnoth battle for wesnoth 1.9.6
    wesnoth battle for wesnoth 1.9.7
    wesnoth battle for wesnoth 1.9.8
    wesnoth battle for wesnoth 1.9.9
    wesnoth battle for wesnoth 1.9.10
    wesnoth battle for wesnoth 1.9.11
    wesnoth battle for wesnoth 1.9.12
    wesnoth battle for wesnoth 1.9.13
    wesnoth battle for wesnoth 1.9.14
    wesnoth battle for wesnoth 1.10.0
    wesnoth battle for wesnoth 1.11.0
    wesnoth battle for wesnoth 1.11.1
    wesnoth battle for wesnoth 1.11.2
    wesnoth battle for wesnoth 1.11.3
    wesnoth battle for wesnoth 1.11.4
    wesnoth battle for wesnoth 1.11.5
    wesnoth battle for wesnoth 1.11.6
    wesnoth battle for wesnoth 1.11.7
    wesnoth battle for wesnoth 1.11.8
    wesnoth battle for wesnoth 1.11.9
    wesnoth battle for wesnoth 1.11.10
    wesnoth battle for wesnoth 1.11.11
    wesnoth battle for wesnoth 1.11.12
    wesnoth battle for wesnoth 1.11.13
    wesnoth battle for wesnoth 1.11.14
    wesnoth battle for wesnoth 1.11.15
    wesnoth battle for wesnoth 1.11.16
    wesnoth battle for wesnoth 1.11.17
    wesnoth battle for wesnoth 1.11.18
    wesnoth battle for wesnoth 1.11.19
    wesnoth battle for wesnoth 1.12.0
    wesnoth battle for wesnoth 1.12.1
    fedoraproject fedora 20
    fedoraproject fedora 21
    fedoraproject fedora 22
    wesnoth battle for wesnoth 1.12.1