The Open Microscopy Environment OMERO.web versions prior to 5.4.7 contain an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in a user's password being revealed. An attacker can then log in as that user. This attack appears to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7.
References
| Link | Resource |
|---|---|
| http://www.openmicroscopy.org/2018/07/26/omero-5-4-7.html | Patch, Vendor Advisory |
| http://www.openmicroscopy.org/security/advisories/2018-SV1-post-password/ | Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:21:59
Updated: 2022-10-03T16:21:59
Reserved: 2018-07-31T00:00:00
Link: CVE-2018-1000633
NVD Information
Status: Analyzed
Published: 2018-08-20T19:31:32.073
Modified: 2018-10-12T19:49:21.787
Link: CVE-2018-1000633
CWE