Lucene search
GoogleOSV:GHSA-GFP2-W5JM-955QHistoryMar 23, 2021 - 3:26 p.m.
OMERO.web exposes some unnecessary session information in the page
2021-03-2315:26:34
Google
osv.dev
7
0.001 Low
EPSS
Percentile
38.9%
Background
OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release.
Impact
OMERO.web before 5.9.0
Patches
5.9.0
Workarounds
No workaround
References
For more information
If you have any questions or comments about this advisory:
References
github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021
github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c
github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q
nvd.nist.gov/vuln/detail/CVE-2021-21376
pypi.org/project/omero-web
www.openmicroscopy.org/security/advisories/2021-SV1
Related
prion
prion
Information disclosure
2021-03-23 16:15:00
osv
osv
PYSEC-2021-31
2021-03-23 16:15:00
CVE-2021-21376
2021-03-23 16:15:14
nvd
nvd
CVE-2021-21376
2021-03-23 16:15:14
cve
cve
CVE-2021-21376
2021-03-23 16:15:14
cvelist
cvelist
CVE-2021-21376 Information Exposure in OMERO.web
2021-03-23 15:25:22
veracode
veracode
Information Disclosure
2021-03-24 02:59:44
github
github
OMERO.web exposes some unnecessary session information in the page
2021-03-23 15:26:34