affects OMERO.server 5 versions 5.6.0 and earlier
OMERO makes the details of each user available to all users.
An OMERO Experimenter instance exists for every OMERO user and its fields are readable by other users. This is inconsistent with the principles of good data privacy.
OMERO 5.6.1 obscures users' details from other normal users, unless they are colleagues in a non-private group.
This vulnerability is identified as CVE-2019-16245.
OMERO.server before 5.6.1.
All OMERO.servers should be upgraded to at least 5.6.1.
© 2005-2024 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2024.04.18