The open-ils.pcrud endpoint in Evergreen prior to 2.5.9, 2.6.x prior to 2.6.7, and 2.7.x prior to 2.7.4 allows remote malicious users to obtain sensitive settings history information by leveraging the lack of a user permission for retrieval in fm_IDL.xml.
Vulnerable Product |
---|
evergreen-ils evergreen |