Unrated severityNVD Advisory· Published Apr 30, 2012· Updated Apr 29, 2026

CVE-2012-0863

Description

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

Affected products

Mumble/Mumble3 versions
cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*range: <=1.2.3
- cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*

Patches

5632c35d6759

https://github.com/mumble-voip/mumblevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

bugs.debian.org/cgi-bin/bugreport.cginvd
bugs.gentoo.org/show_bug.cginvd
secunia.com/advisories/47951nvd
www.debian.org/security/2012/dsa-2411nvd
www.openwall.com/lists/oss-security/2012/02/15/1nvd
www.openwall.com/lists/oss-security/2012/02/15/2nvd
www.securityfocus.com/bid/52024nvd
bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3envd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000