Published: 30/04/2012 Updated: 19/12/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mumble 1.2.3 and previous versions uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

Affected Products

Vendor Product Versions
MumbleMumble1.2.0, 1.2.2, 1.2.3

Vendor Advisories

Debian Bug report logs - #659039 mumble: Mumble database is world-readable Package: mumble; Maintainer for mumble is Christopher Knadle <ChrisKnadle@coredumpus>; Source for mumble is src:mumble (PTS, buildd, popcon) Reported by: Marc Deslauriers <marcdeslauriers@ubuntucom> Date: Tue, 7 Feb 2012 16:21:01 UTC Sev ...