Personal tools
  • We're Hiring!

You are here: Home Products OMERO Security Vulnerabilities 2016-SV1 Cleanse

2016-SV1 Cleanse


The script which is used by the "bin/omero admin cleanse" command can lead to data loss.


If the script is run by an operating system user who has permission to delete from the filesystem used for OMERO's binary repository but who is logged into OMERO as a non-administrative user (not a member of the OMERO "system" group) then the cleanse operation will delete other users' images, attachments, and other files that the OMERO user does not have permission to access.

Affected packages

OMERO.server up to and including 5.2.3.


Potential for data loss.


Use the provided patch to patch


All OMERO.servers should be upgraded to at least 5.2.4.


Carnë Draug for notifying the OME team of this security issue

Document Actions