CVE-2021-21376 MEDIUM

CVE-2021-21376: Information Exposure in OMERO.web

Vendor Ome

Product omero-web

Weakness CWE-200 · Info exposure

Published March 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

Key dates

02Disclosure timeline

March 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-21376

Related vulnerabilities

CVE-2021-21376: Information Exposure in OMERO.web

01Description

02Disclosure timeline

03References

04Related CVE