CVE-2024-56325
- EPSS 10.17%
- Published 01.04.2025 09:15:15
- Last modified 15.07.2025 19:49:46
Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\"...
CVE-2024-39676
- EPSS 0.23%
- Published 24.07.2024 08:15:02
- Last modified 14.03.2025 18:15:28
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details:...
CVE-2022-26112
- EPSS 1.77%
- Published 23.09.2022 08:15:08
- Last modified 27.05.2025 15:15:24
In 0.10.0 or older versions of Apache Pinot, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments due to Groovy function support. In order to avoid this, we disabled the Groovy function support by defaul...
CVE-2022-23974
- EPSS 3.73%
- Published 05.04.2022 20:15:08
- Last modified 21.11.2024 06:49:33
In 0.9.3 or older versions of Apache Pinot, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to c...