Toom Lõhmus

**Name of the Vulnerable Software and Affected Versions** Battle for Wesnoth versions prior to 1.12.3 Battle for Wesnoth versions 1.13.x prior to 1.13.1 **Description** The issue allows remote attackers to obtain sensitive information via vectors related to the inclusion of .pbl files from WML, involving the `filesystem::get wml location` function in filesystem.cpp and the `is legal file` function in filesystem boost.cpp. **Recommendations** For versions prior to 1.12.3, update to version 1.12.3 or later. For versions 1.13.x prior to 1.13.1, update to version 1.13.1 or later.

**Name of the Vulnerable Software and Affected Versions** Battle for Wesnoth versions prior to 1.12.4 Battle for Wesnoth versions 1.13.x prior to 1.13.1 **Description** The issue allows remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML, specifically when a case-insensitive filesystem is used. This is due to incomplete fixes in the `filesystem::get wml location` function and the `is legal file` function. **Recommendations** For versions prior to 1.12.4, update to version 1.12.4 or later. For versions 1.13.x prior to 1.13.1, update to version 1.13.1 or later.