OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.openmicroscopy.org/security/advisories/2019-SV4/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-17T16:15:32
Updated: 2024-08-04T09:48:24.479Z
Reserved: 2020-01-23T00:00:00
Link: CVE-2020-7932
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-06-17T17:15:10.753
Modified: 2020-06-24T15:12:53.067
Link: CVE-2020-7932
Redhat
No data.