CVE-2012-0863 : Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/M

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

Published 2012-04-30 14:55:03

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-0863

Mumble » Mumble
Versions up to, including, (<=) 1.2.3
cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*
Matching versions
Mumble » Mumble » Version: 1.2.2
cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*
Matching versions
Mumble » Mumble » Version: 1.2.0
cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-0863

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-0863

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-0863

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0863

https://bugzilla.redhat.com/show_bug.cgi?id=791000

791000 – (CVE-2012-0863) CVE-2012-0863 mumble: insecure world-readable permissions on database file
https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e

Explicitly remove file permissions for settings and DB · mumble-voip/mumble@5632c35 · GitHub
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039

#659039 - mumble: Mumble database is world-readable - Debian Bug report logs
http://www.openwall.com/lists/oss-security/2012/02/15/1

oss-security - CVE request: mumble local information disclosure
http://bugs.gentoo.org/show_bug.cgi?id=403939

403939 – (CVE-2012-0863) <media-sound/mumble-1.2.3-r2 : Database File Insecure Permissions (CVE-2012-0863)
http://www.openwall.com/lists/oss-security/2012/02/15/2

oss-security - Re: CVE request: mumble local information disclosure
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405

Bug #783405 “Mumble stores passwords in plain text in a globally...” : Bugs : mumble package : Ubuntu
http://www.debian.org/security/2012/dsa-2411

Debian -- Security Information -- DSA-2411-1 mumble
http://secunia.com/advisories/47951

Sign in
http://www.securityfocus.com/bid/52024

Mumble '.mumble.sqlite' Insecure File Permissions Vulnerability

Jump to

Vulnerability Details : CVE-2012-0863

Products affected by CVE-2012-0863

Exploit prediction scoring system (EPSS) score for CVE-2012-0863

CVSS scores for CVE-2012-0863

CWE ids for CVE-2012-0863

References for CVE-2012-0863