96 matches found
com.navercorp.pinpoint:pinpoint-batch (>=3.0.0 <=3.0.5), com.navercorp.pinpoint:pinpoint-collector-starter (>=3.0.0 <=3.0.5) +65 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-common (>=0.1.0 <=1.2.0)
org.apache.pinot:pinot-common MAVEN version =0.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1, =3.0.1, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2024.4.0, =2025.1.1 and more Source cves: CVE-2024-56325 Source advisory: OSV:GHSA-6JWP-4WVJ-6597...
org.apache.pinot:pinot-flink-connector (>=1.0.0 <=1.2.0), org.apache.pinot:pinot-minion-builtin-tasks (>=1.0.0 <=1.2.0) +1 more potentially affected by CVE-2024-56325 via org.apache.pinot:pinot-controller (>=1.0.0 <=1.2.0)
org.apache.pinot:pinot-controller MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2024-56325 Source advisory: SNYK:JAVA-ORGAPACHEPINOT-9637840...
GHSA-6JWP-4WVJ-6597 Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
Apache Pinot Security Vulnerability
Apache Pinot is a real-time distributed OLAP data store from the Apache USA Foundation. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot versions prior to 1.3 that stems from an authentication bypass issue that allows unauthorized users to add...
The vulnerability of the AuthenticationFilter class in the Apache Pinot OLAP data store allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the AuthenticationFilter class in the Apache Pinot OLAP data store is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to influence the confidentiality, integrity, and accessibility of the protected information...
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of specia...
Malicious code in pinot-controller-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83ea1a5f03364deddf9525a13146b4cf1bece3baf1ce56a10c1ea5e424f6aeb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1493 Malicious code in pinot-controller-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83ea1a5f03364deddf9525a13146b4cf1bece3baf1ce56a10c1ea5e424f6aeb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
org.apache.pinot:pinot-compatibility-verifier (=0.10.0), org.apache.pinot:pinot-distribution (>=0.1.0 <=0.10.0) +7 more potentially affected by CVE-2024-39676 via org.apache.pinot:pinot-controller (>=0.10.0 <=0.9.3)
org.apache.pinot:pinot-controller MAVEN version =0.10.0, =0.1.0, =0.11.0, =0.9.0, =0.1.0, =0.8.0, =0.8.0, =0.1.0, =0.1.0, =0.10.0 Source cves: CVE-2024-39676 Source advisory: OSV:GHSA-8GJ9-R4HV-3JJW...
GHSA-8GJ9-R4HV-3JJW Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676 Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676
CVE-2024-39676 affects Apache Pinot (versions 0.1 up to, but not including, 1.0.0). The vulnerability arises from exposing sensitive information via the /appconfigs endpoint due to insufficient access controls. Exploitation could disclose system details (arch, OS version), environment info (maxHe...
CVE-2024-39676 Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
Apache Pinot Information Disclosure Vulnerability
Apache Pinot is a real-time distributed OLAP data store from the Apache USA Foundation. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot versions from 0.1 up to, but not including, 1.0.0, which stems from a vulnerability that can be exploited by an attacker...