44 matches found
CVE-2022-26112
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...
EUVD-2025-9317
Malicious code in bioql PyPI...
EUVD-2022-1594
Malicious code in bioql PyPI...
EUVD-2022-6919
Malicious code in bioql PyPI...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2022-23974
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...
Authentication Bypass
Apache Pinot is vulnerable to Authentication Bypass. The vulnerability is due to improper request path validation due to the application's failure to enforce authentication when the request path contains a semicolon ; and lacks a forward slash /, allowing unauthorized user creation...
Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...
GHSA-6JWP-4WVJ-6597 Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d...
Apache Pinot 安全漏洞
Apache Pinot is a real-time distributed OLAP data store from the Apache USA Foundation. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot versions prior to 1.3 that stems from an authentication bypass issue that allows unauthorized users to add...
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of specia...
GHSA-8GJ9-R4HV-3JJW Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676 Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676
CVE-2024-39676 affects Apache Pinot (versions 0.1 up to, but not including, 1.0.0). The vulnerability arises from exposing sensitive information via the /appconfigs endpoint due to insufficient access controls. Exploitation could disclose system details (arch, OS version), environment info (maxHe...
CVE-2024-39676 Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...