Moderate severityNVD Advisory· Published Jun 17, 2020· Updated Aug 4, 2024
CVE-2020-7932
CVE-2020-7932
Description
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
omero-webPyPI | < 5.6.3 | 5.6.3 |
Affected products
2- OMERO/OMERO.webdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-vwxv-frj6-fhc9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7932ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/omero-web/PYSEC-2020-244.yamlghsaWEB
- www.openmicroscopy.org/security/advisories/2019-SV4ghsaWEB
- www.openmicroscopy.org/security/advisories/2019-SV4/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.