Sensitive Settings History Information Disclosure in Evergreen 2.5.9, 2.6.7, and 2.7.4

Sensitive Settings History Information Disclosure in Evergreen 2.5.9, 2.6.7, and 2.7.4

CVE-2015-2203 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.

Learn more about our User Device Pen Test.