Affects OMERO 5 versions 5.4.3 and earlier.
A user can gain permission to edit a previously unused official script by running that script and then having an administrator give all of that user's data to an accomplice. The script may then be edited to perform arbitrary operations with the permissions of users who subsequently run it.
The implementation of Chgrp2, Chown2 and Delete2 assumed that jobs link to files that have the same owner and group as the job. This is not true of jobs related to OMERO scripts. The previous graph transition rules wrongly assumed that performing an operation on a job or its link meant that it was safe to implicitly include linked files in that operation.
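The following added example (not OMERO code) models the flawed assumption with constructed records: a chown planner that implicitly includes every file linked to a job, beside a stricter variant that includes a linked file only when its owner and group match the job's. The `Obj` type, the function names, the sample users and the stricter rule itself are assumptions made for illustration and do not represent the actual 5.4.4 change.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obj:
    """Constructed stand-in for a server object with an owner and a group."""
    name: str
    owner: str
    group: str

def plan_chown(jobs, links, from_user, check_ownership):
    """Return the names of objects a chown of from_user's data would transfer.

    links is a list of (job, file) pairs.
    check_ownership=False models the rule described above: any file linked
    to an included job is implicitly included.
    check_ownership=True is an assumed stricter rule: a linked file is
    included only if its owner and group match the job's.
    """
    included = []
    for job in jobs:
        if job.owner != from_user:
            continue
        included.append(job.name)
        for linked_job, f in links:
            if linked_job is not job:
                continue
            same = (f.owner, f.group) == (job.owner, job.group)
            if same or not check_ownership:
                included.append(f.name)
    return included

def mismatched_links(links):
    """Audit helper: links whose file owner or group differs from the job's."""
    return [(j.name, f.name) for j, f in links
            if (f.owner, f.group) != (j.owner, j.group)]

# Constructed sample data: a script job owned by an ordinary user that links
# to an administrator-owned official script and to the job's own output file.
official_script = Obj("official_script.py", owner="root", group="user")
stdout_file = Obj("stdout.txt", owner="alice", group="lab")
job = Obj("script-job-1", owner="alice", group="lab")
JOBS = [job]
LINKS = [(job, official_script), (job, stdout_file)]

if __name__ == "__main__":
    print(plan_chown(JOBS, LINKS, "alice", check_ownership=False))
    print(plan_chown(JOBS, LINKS, "alice", check_ownership=True))
    print(mismatched_links(LINKS))
```

Under the implicit-inclusion rule the administrator-owned script is swept into the transfer; the audit helper flags exactly that link as one where the ownership assumption does not hold.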
OMERO.server from 5.1.0 to 5.4.3 inclusive.
All OMERO.servers should be upgraded to at least 5.4.4.