Security Advisory

CVE-2015-2204

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-02-01 17:00:00

Last updated 2024-08-06 05:10:15

Assigner mitre

State PUBLISHED

Description

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.

← Browse all CVEs View on cve.org ↗