{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34020", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-03-25T09:32:35.406Z", "datePublished": "2026-04-09T15:52:06.599Z", "dateUpdated": "2026-04-10T20:13:47.789Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "9.0.0", "status": "affected", "version": "3.1.3", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "4ra2n (A code security AI agent)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.</p><p>The REST login endpoint uses HTTP GET method with username and password passed as query parameters.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Please check references regarding possible impact</span><br></p><p>This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.</p><p>Users are recommended to upgrade to version 9.0.0, which fixes the issue.</p>"}], "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters.\u00a0Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-598", "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-09T15:52:06.599Z"}, "references": [{"tags": ["related"], "url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db"}], "source": {"defect": ["OPENMEETINGS-2816"], "discovery": "EXTERNAL"}, "title": "Apache OpenMeetings: Login Credentials Passed via GET Query Parameters", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/09/12"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-09T16:29:22.642Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T20:13:11.755154Z", "id": "CVE-2026-34020", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T20:13:47.789Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/09/12"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-09T16:29:22.642Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-34020", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T20:13:11.755154Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T19:52:50.302Z"}}], "cna": {"title": "Apache OpenMeetings: Login Credentials Passed via GET Query Parameters", "source": {"defect": ["OPENMEETINGS-2816"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "4ra2n (A code security AI agent)"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache OpenMeetings", "versions": [{"status": "affected", "version": "3.1.3", "lessThan": "9.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url", "tags": ["related"]}, {"url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters.\u00a0Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.</p><p>The REST login endpoint uses HTTP GET method with username and password passed as query parameters.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Please check references regarding possible impact</span><br></p><p>This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.</p><p>Users are recommended to upgrade to version 9.0.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-598", "description": "CWE-598 Use of GET Request Method With Sensitive Query Strings"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-09T15:52:06.599Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34020", "state": "PUBLISHED", "dateUpdated": "2026-04-10T20:13:47.789Z", "dateReserved": "2026-03-25T09:32:35.406Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-04-09T15:52:06.599Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "D575157B-A67F-474D-AD60-56D636F1AF5A", "versionEndExcluding": "9.0.0", "versionStartIncluding": "3.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters.\u00a0Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue."}], "id": "CVE-2026-34020", "lastModified": "2026-04-15T15:21:20.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T16:16:27.090", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory", "Mailing List"], "url": "https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db"}, {"source": "security@apache.org", "tags": ["Not Applicable"], "url": "https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/04/09/12"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-598"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.1.3,9.0.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache OpenMeetings", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "openmeetings", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-10T22:36:38.368811+00:00", "value": {"mitigation_remediation": ["Update Apache OpenMeetings to version 9.0.0 or later, which eliminates the vulnerable GET login endpoint.", "If an upgrade cannot be performed immediately, configure web servers to suppress logging of URL query strings containing credentials and monitor logs for exposed credentials.", "If credentials may have been exposed, rotate affected passwords and verify that compromised sessions are terminated."], "summary": {"action": "Immediate Patch", "impact": "Information Exposure"}, "threat_synthesis": {"affected_systems": "Apache OpenMeetings distributed by the Apache Software Foundation. The flaw affects all releases from 3.1.3 through the latest 8.x series, up to, but excluding, version 9.0.0. Users running any of these versions should review the application configuration and consider upgrading.", "description_and_impact": "The vulnerability arises because the REST login endpoint in Apache OpenMeetings accepts user credentials via an HTTP GET request, embedding the username and password as query string parameters. This practice exposes sensitive information in URLs that can be logged by web servers, proxies, and client browsers. Attackers who gain access to logs or observe network traffic could capture these credentials, leading to unauthorized access to the meeting platform. The issue is classified as CWE\u2011598, an information\u2011exposure weakness.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity level. The EPSS score is below 1\u202f%, suggesting that this vulnerability is unlikely to be actively exploited in the wild, and it is not listed in the CISA KEV catalog. However, because credentials are transmitted in cleartext URLs, a remote attacker who can intercept or read server or proxy logs can obtain the login details. The likely attack vector is a remote, unauthenticated user accessing logs or tampering with network traffic."}}}}, "created": "2026-04-10T08:53:10.025667+00:00", "updated": "2026-04-13T13:06:53.543365+00:00", "vendors": ["apache", "apache$PRODUCT$openmeetings"]}