Medium severity6.5NVD Advisory· Published Feb 1, 2018· Updated Jun 17, 2026
CVE-2015-2203
CVE-2015-2203
Description
Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
8- bugs.launchpad.net/evergreen/+bug/1206589nvdIssue TrackingPatch
- www.openwall.com/lists/oss-security/2015/03/04/3nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/72885nvdThird Party AdvisoryVDB Entry
- evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9nvdIssue TrackingRelease Notes
- evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7nvdIssue TrackingRelease Notes
- evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4nvdIssue TrackingRelease Notes
- evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/nvdRelease Notes
- git.evergreen-ils.orgnvd
News mentions
0No linked articles in our index yet.