Open Microscopy Environment OMERO.server up to 5.6.0 File Import Image File information disclosure


A vulnerability classified as critical was found in Open Microscopy Environment OMERO.server up to 5.6.0. Affected by this vulnerability is an unknown function of the component File Import. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10553861 | 10/24/2020 | VulD... | confirm_url | https://www.openmicroscopy.org/security/advisories/2019-SV1/ | cve.mitre.org | 10/24/2020 | accepted | 70 |
| 10177664 | 06/18/2020 | VulD... | cve_nvd_summary | In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. | mitre.org | 06/18/2020 | accepted | 100 |
| 10177663 | 06/18/2020 | VulD... | cve_assigned | 1553299200 | mitre.org | 06/18/2020 | accepted | 100 |
| 10177658 | 06/18/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177657 | 06/18/2020 | VulD... | cvss3_nvd_i | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177656 | 06/18/2020 | VulD... | cvss3_nvd_c | H | nist.gov | 06/18/2020 | accepted | 100 |
| 10177655 | 06/18/2020 | VulD... | cvss3_nvd_s | U | nist.gov | 06/18/2020 | accepted | 100 |
| 10177654 | 06/18/2020 | VulD... | cvss3_nvd_ui | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177653 | 06/18/2020 | VulD... | cvss3_nvd_pr | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177652 | 06/18/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 06/18/2020 | accepted | 100 |
| 10177651 | 06/18/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177638 | 06/18/2020 | VulD... | cvss2_nvd_ai | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177637 | 06/18/2020 | VulD... | cvss2_nvd_ii | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177636 | 06/18/2020 | VulD... | cvss2_nvd_ci | P | nist.gov | 06/18/2020 | accepted | 100 |
| 10177635 | 06/18/2020 | VulD... | cvss2_nvd_au | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177634 | 06/18/2020 | VulD... | cvss2_nvd_ac | L | nist.gov | 06/18/2020 | accepted | 100 |
| 10177633 | 06/18/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 06/18/2020 | accepted | 100 |
| 10177623 | 06/18/2020 | VulD... | cwe | 200 (information disclosure) | | 06/18/2020 | accepted | 100 |
| 10177673 | 06/18/2020 | VulD... | cvss3_nvd_basescore | 7.5 | nist.gov | 06/18/2020 | accepted | 90 |
| 10177672 | 06/18/2020 | VulD... | cvss3_vuldb_rc | X | | 06/18/2020 | accepted | 90 |
