CVE-2015-2203
Evergreen is affected: versions 2.5.9, 2.6.7, and 2.7.4 expose sensitive settings history to remote authenticated users with STAFF_LOGIN by abusing listing of open-ils.pcrud as a controller in the IDL. Root cause involves information disclosure due to improper control over open-ils.pcrud exposure...