CVE Vulnerabilities

CVE-2017-1000438

Published: Jan 02, 2018 | Modified: Oct 03, 2019
CVSS 3.x
8.3
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another users file on the underlying filesystem, then manipulate the users data.

Affected Software

Name Vendor Start Version End Version
Omero Openmicroscopy * 5.3.3 (including)

References