CVE-2013-7435

2018-02-0117:00:00

mitre

www.cve.org

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

References

evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9

evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7

evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4

evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/

git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063

www.openwall.com/lists/oss-security/2015/03/04/3

bugs.launchpad.net/evergreen/+bug/1206589