CVE-2021-21376 Information

Jun 07, 2022 cve

Description

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id name and the groups they are in and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021 https://pypi.org/project/omero-web/ https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q https://www.openmicroscopy.org/security/advisories/2021-SV1/ https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: