Affects OMERO versions 5.2.7 and earlier.
A normal user in a read-write group can edit official scripts.
Official scripts are in the "user" group. A normal user in a read-write group could edit official scripts because the server checked the permissions of the user's current group and saw that they were permissive. The fix was to increase the cases in which the server instead looks at the group permissions of the object actually being edited rather than those of the user's current group.
OMERO.server up to and including 5.2.7.
High severity. Any user in a read-write group could edit any script and corrupt or delete data in OMERO.server.
None
All OMERO.servers should be upgraded to at least 5.2.8.
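The flaw described above, reduced to a simplified model: an authorization check that consults the session's current group next to one that consults the group of the object being edited. This is an added illustration, not OMERO source code; every class, function, group name and path in it is hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    name: str
    members_can_write: bool   # True models a read-write group


@dataclass(frozen=True)
class Session:
    user: str
    is_admin: bool
    current_group: Group      # group context the user is working in


@dataclass(frozen=True)
class Script:
    path: str
    owner: str
    group: Group              # group the object actually belongs to


def can_edit_vulnerable(session: Session, obj: Script) -> bool:
    """Flawed check: trusts the permissions of the session's current group."""
    if session.is_admin or session.user == obj.owner:
        return True
    return session.current_group.members_can_write


def can_edit_fixed(session: Session, obj: Script) -> bool:
    """Corrected check: uses the permissions of the object's own group."""
    if session.is_admin or session.user == obj.owner:
        return True
    return obj.group.members_can_write


# Constructed sample data; names and paths are placeholders.
USER_GROUP = Group("user", members_can_write=False)
LAB_GROUP = Group("lab-read-write", members_can_write=True)
OFFICIAL = Script("/example/official_script.py", owner="root", group=USER_GROUP)
LAB_SCRIPT = Script("/example/lab_script.py", owner="alice", group=LAB_GROUP)
BOB = Session("bob", is_admin=False, current_group=LAB_GROUP)
ROOT = Session("root", is_admin=True, current_group=USER_GROUP)


def audit(check):
    """Return the check's decision for every sample (user, script) pair."""
    return {(s.user, o.path): check(s, o)
            for s in (BOB, ROOT) for o in (OFFICIAL, LAB_SCRIPT)}
```

Comparing `audit(can_edit_vulnerable)` with `audit(can_edit_fixed)` shows a single differing decision: the normal user editing the script that lives in the "user" group.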