affects OMERO.server versions 5.1.0 to 5.6.0
OMERO does not fully restrict the actions of group owners to within their group.
OMERO allows group owners to perform various actions as another member of their group. In some cases, these actions are not restricted to the group they own.
OMERO 5.6.1 adds a server-side check that the session context for a group owner is limited to their groups.
This vulnerability is identified as CVE-2020-6752.
OMERO.server before 5.6.1.
All OMERO.servers should be upgraded to at least 5.6.1.
© 2005-2024 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2024.11.14