Vulnerability Name: | CVE-2015-5070 (CCN-104080) | ||||||||||||||||||||||||||||||||
Assigned: | 2015-06-25 | ||||||||||||||||||||||||||||||||
Published: | 2015-06-25 | ||||||||||||||||||||||||||||||||
Updated: | 2017-10-10 | ||||||||||||||||||||||||||||||||
Summary: | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. Note: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 3.1 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N) 2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-5070 Source: FEDORA Type: Third Party Advisory FEDORA-2015-10973 Source: FEDORA Type: Third Party Advisory FEDORA-2015-10964 Source: CCN Type: oss-security Mailing List, Wed, 24 Jun 2015 22:32:53 -0300 CVE request: Wesnoth authentication information disclosure Source: CCN Type: oss-security Mailing List, Thu, 25 Jun 2015 07:46:15 -0400 (EDT) Re: CVE request: Wesnoth authentication information disclosure Source: MLIST Type: Mailing List, Patch, Third Party Advisory, VDB Entry [oss-security] 20150625 Re: CVE request: Wesnoth authentication information disclosure Source: BID Type: Third Party Advisory, VDB Entry 75425 Source: CCN Type: Wesnoth Web site Wesnoth Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory, VDB Entry https://bugzilla.redhat.com/show_bug.cgi?id=1236010 Source: XF Type: UNKNOWN wesnoth-cve20155070-info-disc(104080) Source: CCN Type: Wesnoth SVN Repository Use looks_like_pbl() to disallow .pbl file inclusion (bug #23504) Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59 Source: CONFIRM Type: Release Notes, Third Party Advisory https://github.com/wesnoth/wesnoth/releases/tag/1.12.4 Source: CONFIRM Type: Release Notes, Third Party Advisory https://github.com/wesnoth/wesnoth/releases/tag/1.13.1 Source: MISC Type: Broken Link https://gna.org/bugs/?23504 Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5070 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |