Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12d3h2LWZyajYtZmhjOc4AAlCU
OMERO-web Sensitive Data Exposure
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.
Permalink: https://github.com/advisories/GHSA-vwxv-frj6-fhc9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12d3h2LWZyajYtZmhjOc4AAlCU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 10 months ago
CVSS Score: 5.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Identifiers: GHSA-vwxv-frj6-fhc9, CVE-2020-7932
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7932
- https://www.openmicroscopy.org/security/advisories/2019-SV4/
- https://github.com/advisories/GHSA-vwxv-frj6-fhc9
Affected Packages
pypi:omero-web
Dependent packages: 13
Dependent repositories: 24
Downloads: 863 last month
Affected Version Ranges: < 5.6.3
Fixed in: 5.6.3
All affected versions: 5.6.0, 5.6.1, 5.6.2
All unaffected versions: 5.6.3, 5.7.0, 5.7.1, 5.8.0, 5.8.1, 5.9.0, 5.9.1, 5.9.2, 5.10.0, 5.11.0, 5.12.0, 5.12.1, 5.13.0, 5.14.0, 5.14.1, 5.15.0, 5.16.0, 5.17.0, 5.18.0, 5.19.0, 5.20.0, 5.21.0, 5.22.0, 5.22.1, 5.23.0, 5.24.0, 5.25.0