46 matches found
EUVD-2026-37951
mcp-pinot: Unauthenticated tool invocation via default oauthenabled=False + host 0.0.0.0 bind...
CVE-2022-26112
In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. To avoid this, we disabled Groovy function support by default from Pinot release 0.11.0. See...
EUVD-2022-6919
Malicious code in bioql PyPI...
EUVD-2022-1594
Malicious code in bioql PyPI...
EUVD-2025-9317
Malicious code in bioql PyPI...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2022-23974
In 0.9.3 or older versions of Apache Pinot, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release...
The vulnerability of the Apache Pinot OLAP data store, related to improper limitation of a pathname to a restricted directory, allows attackers to disclose protected information.
The vulnerability of the Apache Pinot OLAP data store is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a remote attacker to expose protected information by sending a specially crafted GET request...
Authentication Bypass
Apache Pinot is vulnerable to Authentication Bypass. The vulnerability is due to improper request path validation: the application fails to enforce authentication when the request path contains a semicolon ; and lacks a forward slash /, allowing unauthorized user creation...
GHSA-6JWP-4WVJ-6597 Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue: If the path does not contain / and contains ., authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue: If the path does not contain / and contains ., authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue: If the path does not contain / and contains ., authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
CVE-2024-56325 Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required
Authentication Bypass Issue: If the path does not contain / and contains ., authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...
Apache Pinot Security Vulnerability
Apache Pinot is a real-time distributed OLAP data store from the Apache USA Foundation. It is designed to provide ultra-low latency analytics. A security vulnerability exists in Apache Pinot versions prior to 1.3 that stems from an authentication bypass issue that allows unauthorized users to add...
Apache Pinot Improper Neutralization of Special Elements Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of specia...
GHSA-8GJ9-R4HV-3JJW Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path /appconfigs to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...
CVE-2024-39676 Apache Pinot: Unauthorized endpoint exposed sensitive information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...