CVE-2017-1000438 — HIGH (8.3)

Q: What is CVE-2017-1000438?

CVE-2017-1000438 is a vulnerability with a CVSS score of 8.3 (HIGH). In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

Q: How severe is CVE-2017-1000438?

CVE-2017-1000438 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-1000438?

Check the references section above for vendor advisories and patch information. Affected products include: Openmicroscopy Omero.

Vulnerability Description

In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

CVSS Score

8.3

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Openmicroscopy	Omero	<= 5.3.3

References

https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/MitigationVendor Advisory
https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/MitigationVendor Advisory

FAQ

What is CVE-2017-1000438?

CVE-2017-1000438 is a vulnerability with a CVSS score of 8.3 (HIGH). In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.

How severe is CVE-2017-1000438?

CVE-2017-1000438 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-1000438?

Check the references section above for vendor advisories and patch information. Affected products include: Openmicroscopy Omero.