← volver
CVE-2015-2204

CVE-2015-2204

EPSS 3.2%
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307https://bugs.launchpad.net/evergreen/+bug/1424755http://www.openwall.com/lists/oss-security/2015/03/04/3http://www.securityfocus.com/bid/72889