CVE-2021-21376

high

Description

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

References

Advisories
More

https://pypi.org/project/omero-web/

https://github.com/ome/omero-web/security/advisories/GHSA-gfp2-w5jm-955q

https://github.com/ome/omero-web/commit/952f8e5d28532fbb14fb665982211329d137908c

https://github.com/ome/omero-web/blob/master/CHANGELOG.md#590-march-2021

https://www.openmicroscopy.org/security/advisories/2021-SV1/

Details

Source: Mitre, NVD

Published: 2021-03-23

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 7.4

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00424