CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-2204

HIGH
7.5
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile36.43th
Published2018年2月1日
Last Modified2024年11月21日

Vulnerability Description

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.

Affected Platforms (CPE)

📦
Evergreen Ils

Evergreen

< 2.5.9
📦
Evergreen Ils

Evergreen

>= 2.6.0 and < 2.6.7
📦
Evergreen Ils

Evergreen

>= 2.7.0 and < 2.7.4

References & Advisories

🔗 http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
🔗 http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
🔗 http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
🔗 http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307
🔗 http://www.openwall.com/lists/oss-security/2015/03/04/3
🔗 http://www.securityfocus.com/bid/72889
🔗 https://bugs.launchpad.net/evergreen/+bug/1424755

相关漏洞威胁

CVE-2013-74356.5

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtai...

CVE-2015-22036.5

Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings histo...

CVE-2014-16265.0

XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and...

CVE-2015-304810.0

Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to ex...