CVE-2020-7932
MEDIUM
OMERO.web < 5.6.3 - Exposure of Sensitive Information via URL Query Parameters
Title source: llm
Description
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.openmicroscopy.org/security/advisories/2019-SV4/
Scores
CVSS v3
5.7
EPSS
0.0080
EPSS Percentile
52.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
openmicroscopy/omero.web
< 5.6.3
pypi/omero-web
0 - 5.6.3
PyPI
Published
Jun 17, 2020
Tracked Since
Feb 18, 2026