exploitDog

GHSA-xv8j-v7c6-7mjc

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

Ссылки

EPSS

Процентиль: 41%

0.00192

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2013-7435

CVSS3: 6.5

nvd

около 8 лет назад

The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.

EPSS

Процентиль: 41%

0.00192

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200