exploitDog

CVE-2021-21376

Published: 23 Mar 2021
Source: nvd
CVSS3: 6.4
CVSS3: 6.5
CVSS2: 5
EPSS: Low

Description

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

Vulnerable configurations

Configuration 1
cpe:2.3:a:openmicroscopy:omero.web:*:*:*:*:*:*:*:*
Versions before 5.9.0 (exclusive)

EPSS

Percentile: 62%
0.00424
Low

6.4 Medium

CVSS3

6.5 Medium

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-200

Related vulnerabilities

CVSS3: 6.4
github
almost 5 years ago

OMERO.web exposes some unnecessary session information in the page
