What is CVE-2021-21376?

CVE-2021-21376 is a medium-severity vulnerability in Ome Omero-web, classified under Information Disclosure. CVSS score: 6.4/10. Published 2021-03-23.

How severe is CVE-2021-21376?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Information disclosure in Ome Omero-web

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on t…

Vulnerability class: Information Disclosure

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N.

Affected products

Ome Omero-web — versions < 5.9.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q (x_refsource_CONFIRM)
pypi.org/project/omero-web/ (x_refsource_MISC)
github.com/ome/omero-web/blob/master/CHANGELOG.md (x_refsource_MISC)
www.openmicroscopy.org/security/advisories/2021-SV1/ (x_refsource_MISC)
github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21376?: CVE-2021-21376 is a medium-severity vulnerability in Ome Omero-web, classified under Information Disclosure. CVSS score: 6.4/10. Published 2021-03-23.
How severe is CVE-2021-21376?: Medium severity. CVSS v3 base score is 6.4 out of 10.