CVE-2013-7435

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Published: Feb 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2013-7435
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
evergreen-ils / evergreen	2.7.0	2.7.4
evergreen-ils / evergreen	2.6.0	2.6.7
evergreen-ils / evergreen	-	2.5.9

http://evergreen-ils.org/downloads/ChangeLog-2.5.8-2.5.9
http://evergreen-ils.org/downloads/ChangeLog-2.6.6-2.6.7
http://evergreen-ils.org/downloads/ChangeLog-2.7.3-2.7.4
http://evergreen-ils.org/security-releases-evergreen-2-7-4-2-6-7-and-2-5-9/
http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=ac588e879cf73ff1b65617e0bd273361d3529063
http://git.evergreen-ils.org/?p=Evergreen.git%3Ba=commit%3Bh=ac588e879cf73ff1b65617e0bd273361d3529063
http://www.openwall.com/lists/oss-security/2015/03/04/3
https://bugs.launchpad.net/evergreen/+bug/1206589

Vulnerability Database

289,689

CVE-2013-7435