org.apache.openmeetings:openmeetings-parent 5.0.0-M4

Direct Vulnerabilities

Known vulnerabilities in the org.apache.openmeetings:openmeetings-parent package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Use of GET Request Method With Sensitive Query Strings org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the REST login endpoint when sensitive information such as username and password is transmitted as query parameters in HTTP GET requests. An attacker can obtain confidential credentials by intercepting network traffic or accessing server logs that record URLs. How to fix Use of GET Request Method With Sensitive Query Strings? Upgrade `org.apache.openmeetings:openmeetings-parent` to version 9.0.0 or higher.	[3.1.3,9.0.0)
H Missing Authentication for Critical Function org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Missing Authentication for Critical Function such that an attacker can elevate their privileges in any room. How to fix Missing Authentication for Critical Function? Upgrade `org.apache.openmeetings:openmeetings-parent` to version 7.0.0 or higher.	[2.0.0,7.0.0)
H Denial of Service (DoS) org.apache.openmeetings:openmeetings-parent is a web-conferencing software. Affected versions of this package are vulnerable to Denial of Service (DoS). It was found that the `NetTest` web service can be used to overload the bandwidth of a Apache OpenMeetings server. How to fix Denial of Service (DoS)? Upgrade `org.apache.openmeetings:openmeetings-parent` to version 6.2.0 or higher.	[4.0.0,6.2.0)

Vulnerability

Vulnerable Version

Use of GET Request Method With Sensitive Query Strings

org.apache.openmeetings:openmeetings-parent is a web-conferencing software.

Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the REST login endpoint when sensitive information such as username and password is transmitted as query parameters in HTTP GET requests. An attacker can obtain confidential credentials by intercepting network traffic or accessing server logs that record URLs.

How to fix Use of GET Request Method With Sensitive Query Strings?

Upgrade org.apache.openmeetings:openmeetings-parent to version 9.0.0 or higher.

[3.1.3,9.0.0)

Missing Authentication for Critical Function

org.apache.openmeetings:openmeetings-parent is a web-conferencing software.

Affected versions of this package are vulnerable to Missing Authentication for Critical Function such that an attacker can elevate their privileges in any room.

How to fix Missing Authentication for Critical Function?

Upgrade org.apache.openmeetings:openmeetings-parent to version 7.0.0 or higher.

[2.0.0,7.0.0)

Denial of Service (DoS)

org.apache.openmeetings:openmeetings-parent is a web-conferencing software.

Affected versions of this package are vulnerable to Denial of Service (DoS). It was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server.

How to fix Denial of Service (DoS)?

Upgrade org.apache.openmeetings:openmeetings-parent to version 6.2.0 or higher.

[4.0.0,6.2.0)

org.apache.openmeetings:openmeetings-parent@5.0.0-M4

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically