PT-2021-14458 · Omero.Web

Jburel · Published 2021-03-23 · Updated 2021-03-27 · CVE-2021-21376

CVSS v4.0: 7.4 (High)
Vector (CVSS v4.0): AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.9.0

Description: OMERO.web is open source, Django-based software for managing microscopy imaging data. Its main webclient pages load various information about the current user, such as their id, name, and the groups they belong to. Some of the information loaded into those pages is not used by the webclient at all, so it is exposed to the browser without need; this is an information exposure issue (the CVSS vector above rates it as reachable by a low-privileged, authenticated user). The fix removes the unused user information from the pages.

Recommendations: For versions prior to 5.9.0, update to version 5.9.0 or later to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the webclient so that the exposed user information is not reachable by untrusted users.
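The pattern behind this class of bug, as an added example that is not OMERO's code: a view that serialises the whole user record into the page context versus one that emits only the fields the client actually reads, plus a regression check that fails when the context carries anything beyond that allow-list. The `CurrentUser` record, the extra fields on it and the `CLIENT_FIELDS` list are constructed for illustration; the advisory only says that OMERO.web loaded id, name and groups plus unused extra information, not which fields those were. To confirm which version is deployed before relying on the fix, `pip show omero-web` reports the installed package version.

```python
"""
Added example (not OMERO.web's own code): data minimisation for the
per-user context a web client embeds in its pages.

The advisory says OMERO.web exposed more user information than the
webclient used.  The two builders below show the general pattern:
one serialises the whole user record into the page context, the other
emits only an allow-list of fields the client consumes.  The
``CurrentUser`` record and its field names are constructed for
illustration and are not OMERO's data model.
"""
from dataclasses import asdict, dataclass, field
from typing import Any


@dataclass
class CurrentUser:
    """Constructed stand-in for the server-side user record."""
    id: int
    name: str
    groups: list[str] = field(default_factory=list)
    # Hypothetical extra fields that a template never reads but that end
    # up in the page if the whole record is serialised.
    email: str = ""
    institution: str = ""
    password_hash: str = ""
    last_login_ip: str = ""


# Fields the (hypothetical) webclient pages actually read.
CLIENT_FIELDS = ("id", "name", "groups")


def vulnerable_context(user: CurrentUser) -> dict[str, Any]:
    """Before: every field on the record goes into the page context.

    Convenient for templates, but each field is now visible in the
    browser (page source, JS globals, cached copies) whether or not the
    client uses it.
    """
    return {"user": asdict(user)}


def hardened_context(user: CurrentUser) -> dict[str, Any]:
    """After: emit only the allow-listed fields the client consumes."""
    data = asdict(user)
    return {"user": {key: data[key] for key in CLIENT_FIELDS}}


def exposed_unused_fields(context: dict[str, Any]) -> set[str]:
    """Fields present in the rendered context that the client does not use.

    Use as a regression check in view tests: a non-empty result means
    the page exposes more than it needs.
    """
    return set(context["user"]) - set(CLIENT_FIELDS)


if __name__ == "__main__":
    # Constructed sample user; the password hash and IP are placeholders.
    user = CurrentUser(
        id=42,
        name="alice",
        groups=["lab-a", "core"],
        email="alice@example.org",
        institution="Example Institute",
        password_hash="$argon2id$placeholder",
        last_login_ip="203.0.113.7",
    )
    print("before:", sorted(exposed_unused_fields(vulnerable_context(user))))
    print("after: ", sorted(exposed_unused_fields(hardened_context(user))))
```

The allow-list is the point: adding a field to the user record must not change what the page exposes unless someone deliberately adds it to `CLIENT_FIELDS`, and `exposed_unused_fields` turns that rule into a test that catches the regression the advisory describes.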

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2021-21376
GHSA-GFP2-W5JM-955Q
PYSEC-2021-31

Affected Products

Omero.Web