Vulnerability in Apache Software Foundation Pinot

CVE-2024-56325

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password…

EPSS: 0.767 (99.5th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Pinot — versions 0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v (vendor-advisory)