CVE-2015-5069

🗓️ 26 Sep 2017 14:00:00Reported by mitreType

(1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML

Reporter	Title	Published	Views	Family All 29
FreeBSD	wesnoth -- disclosure of .pbl files with lowercase, uppercase, and mixed-case extension	28 Jun 201500:00	–	freebsd
ATTACKERKB	CVE-2015-5070	26 Sep 201714:29	–	attackerkb
ATTACKERKB	CVE-2015-5069	26 Sep 201714:29	–	attackerkb
ArchLinux	wesnoth: information leakage	3 Jul 201500:00	–	archlinux
CNVD	Wesnoth Information Disclosure Vulnerability (CNVD-2015-04466)	10 Jul 201500:00	–	cnvd
Cvelist	CVE-2015-5069	26 Sep 201714:00	–	cvelist
Debian	[SECURITY] [DLA 297-1] wesnoth-1.8 security update	22 Aug 201509:19	–	debian
Debian CVE	CVE-2015-5069	26 Sep 201714:00	–	debiancve
Tenable Nessus	Debian DLA-297-1 : wesnoth-1.8 security update	24 Aug 201500:00	–	nessus
Tenable Nessus	Fedora 22 : wesnoth-1.12.4-1.fc22 (2015-10964)	14 Jul 201500:00	–	nessus

NVD

Node

wesnoth battle_for_wesnothRange≤1.12.2

wesnoth battle_for_wesnothMatch1.13.0

Node

fedoraproject fedoraMatch21

fedoraproject fedoraMatch22

Source	Link
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html
github	www.github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
gna	www.gna.org/bugs/
securityfocus	www.securityfocus.com/bid/75424
openwall	www.openwall.com/lists/oss-security/2015/06/25/12
github	www.github.com/wesnoth/wesnoth/releases/tag/1.12.3
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/wesnoth/wesnoth/releases/tag/1.13.1
lists	www.lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html

13 May 2026 00:24Current

3.9Low risk

Vulners AI Score3.9

CVSS 24

CVSS 34.3

EPSS0.00671

CWE-200