Affects OMERO.web <=5.29.1
OMERO.web displays unnecessary user information when requesting to reset the password
If an error occurs when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user.
OMERO.web <=5.29.1
Moderate severity.
Disable the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property.
All OMERO.web deployments should be upgraded to at least 5.29.2.
Thanks to Christopher Youd for notifying the OME team of this security issue via security@openmicroscopy.org.