Search criteria
3 vulnerabilities by evergreen-ils
CVE-2015-2204 (GCVE-0-2015-2204)
Vulnerability from cvelistv5 – Published: 2018-02-01 17:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72889"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1424755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-01T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72889"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=3a0f1cc7b2efa517ee4cd4c6a682237554fed307"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1424755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72889"
},
{
"name": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=3a0f1cc7b2efa517ee4cd4c6a682237554fed307",
"refsource": "CONFIRM",
"url": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=3a0f1cc7b2efa517ee4cd4c6a682237554fed307"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"name": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
},
{
"name": "https://bugs.launchpad.net/evergreen/+bug/1424755",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/evergreen/+bug/1424755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2204",
"datePublished": "2018-02-01T17:00:00",
"dateReserved": "2015-03-03T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7435 (GCVE-0-2013-7435)
Vulnerability from cvelistv5 – Published: 2018-02-01 17:00 – Updated: 2024-08-06 18:09
VLAI?
Summary
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-01T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "https://bugs.launchpad.net/evergreen/+bug/1206589",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"name": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=ac588e879cf73ff1b65617e0bd273361d3529063",
"refsource": "CONFIRM",
"url": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"name": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7435",
"datePublished": "2018-02-01T17:00:00",
"dateReserved": "2015-03-03T00:00:00",
"dateUpdated": "2024-08-06T18:09:16.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2203 (GCVE-0-2015-2203)
Vulnerability from cvelistv5 – Published: 2018-02-01 17:00 – Updated: 2024-08-06 05:10
VLAI?
Summary
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:10:15.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-01T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4"
},
{
"name": "[oss-security] 20150303 Re: CVE request - Evergreen",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/04/3"
},
{
"name": "72885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72885"
},
{
"name": "https://bugs.launchpad.net/evergreen/+bug/1206589",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/evergreen/+bug/1206589"
},
{
"name": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=ac588e879cf73ff1b65617e0bd273361d3529063",
"refsource": "CONFIRM",
"url": "http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=ac588e879cf73ff1b65617e0bd273361d3529063"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7"
},
{
"name": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9"
},
{
"name": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/",
"refsource": "CONFIRM",
"url": "http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2203",
"datePublished": "2018-02-01T17:00:00",
"dateReserved": "2015-03-03T00:00:00",
"dateUpdated": "2024-08-06T05:10:15.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}