CVE-2015-2204

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*
cpe:2.3:a:evergreen-ils:evergreen:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-02-01 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2015-2204

Mitre link : CVE-2015-2204

CVE.ORG link : CVE-2015-2204


JSON object : View

Products Affected

evergreen-ils

  • evergreen
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor