Sensitive Settings History Information Disclosure in Evergreen 2.5.9, 2.6.7, and 2.7.4
CVE-2015-2203 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.
Learn more about our User Device Pen Test.