Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vm9c-dvcd-3khf

Summary

Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability
Sny registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.

This issue affects Apache OpenMeetings: from 3.10 before 9.0.0.

Users are recommended to upgrade to version 9.0.0, which fixes the issue.

Aliases

alias	CVE-2026-33005

alias	GHSA-78cg-fc6c-w44w

Fixed_packages

url	pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
purl	pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0

Affected_packages

url pkg:maven/org.apache.openmeetings/openmeetings-parent@3.10

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@3.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vm9c-dvcd-3khf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.10

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-7cjy-cp47-gfdj

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.1

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-7cjy-cp47-gfdj

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.1

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.3

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.4

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.4

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.5

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.5

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.6

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.6

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.7

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.7

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.9

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.9

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.10

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.10

url pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.11

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@4.0.11

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M1

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M1

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M2

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M2

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M3

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M3

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M4

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0-M4

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-bpy2-2bjy-tyhp

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@5.1.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@5.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-d3yv-dzar-s3f6

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@5.1.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@6.2.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@6.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@6.2.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-6fca-mmbn-k7b7

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-556q-4wch-sfde

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vfk3-wtbw-kuf9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vm9c-dvcd-3khf

vulnerability	VCID-xsja-94mz-hqbh

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vm9c-dvcd-3khf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0

url pkg:maven/org.apache.openmeetings/openmeetings-parent@8.1.0

purl pkg:maven/org.apache.openmeetings/openmeetings-parent@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3xum-p9mm-kbc3

vulnerability	VCID-vbkk-qkme-uyh9

vulnerability	VCID-vm9c-dvcd-3khf

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.1.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33005

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33214
published_at	2026-06-06T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33177
published_at	2026-06-07T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.332
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33005

reference_url

https://github.com/apache/openmeetings

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/openmeetings

reference_url

https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/

url

https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33005

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33005

reference_url

https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/

url

https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/10

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/10

reference_url

https://github.com/advisories/GHSA-78cg-fc6c-w44w

reference_id

GHSA-78cg-fc6c-w44w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-78cg-fc6c-w44w

Weaknesses

cwe_id	274
name	Improper Handling of Insufficient Privileges
description	The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vm9c-dvcd-3khf

Vulnerability Instance