7.5
CVE-2026-34020
- EPSS 0.51%
- Veröffentlicht 09.04.2026 15:52:06
- Zuletzt bearbeitet 15.04.2026 15:21:20
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache OpenMeetings: Login Credentials Passed via GET Query Parameters
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Openmeetings Version >= 3.1.3 < 9.0.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.393 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url
https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db
http://www.openwall.com/lists/oss-security/2026/04/09/12