VYPR
High severity 7.5 · NVD Advisory · Published Feb 1, 2018 · Updated Jun 17, 2026

CVE-2015-2204

Description

Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.

Affected products

2
  • Evergreen/Evergreen (inferred), 2 versions
    • (no CPE) range: <2.5.9 || >=2.6.0,<2.6.7 || >=2.7.0,<2.7.4
    • (no CPE) range: <2.5.9, <2.6.7, <2.7.4

References

8
