Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Evergreen 信息泄露漏洞
Vulnerability Description
Evergreen是Evergreen社区开发的一套开源的高度可扩展的图书馆系统(ILS)。该系统可帮助读者找到图书资料,并有助于图书馆管理、整理产品目录及分发这些材料等。 Evergreen 2.5.9之前版本、2.6.7之前的2.6.x版本和2.7.4之前的2.7.x版本中存在安全漏洞。远程攻击者可利用该漏洞绕过访问控制限制,获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A