Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
High severity
GitHub Reviewed
Published
Apr 9, 2026
to the GitHub Advisory Database
•
Updated Apr 10, 2026
Package
Affected versions
>= 3.1.3, < 9.0.0
Patched versions
9.0.0
Description
Published by the National Vulnerability Database
Apr 9, 2026
Published to the GitHub Advisory Database
Apr 9, 2026
Reviewed
Apr 10, 2026
Last updated
Apr 10, 2026
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.
The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact
This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.
Users are recommended to upgrade to version 9.0.0, which fixes the issue.
References