In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NOpenmicroscopy Omero.server
APPOpenmicroscopy5.1.0 – 5.6.0
Related vulnerabilities
OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a craf...
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image file...
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of tem...
OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSR...
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log ...