3 matches found
OMERO.web displays unecessary user information when requesting password reset
Background If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact OMERO.web before 5.29.1 Patches User should upgrade to 5.29.2 or higher Workarounds Disable t...
Information Exposure
Overview omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure via the getGuestConnection function in the webadmin/views.py file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts. Workaroun...
PT-2025-32994 · Omero.Web · Omero.Web
Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.29.2 Description: OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpag...