CVE-2015-2204
Affected software: Evergreen ILS (open-ils) prior to specific patch levels. The vulnerability arises when open-ils.actor.ou_setting.ancestor_default fails to enforce view_perm in the absence of an auth token, allowing remote attackers to view sensitive org unit settings. Impact is information dis...