Maven package
org.apache.pinot/pinot-controller
pkg:maven/org.apache.pinot/pinot-controller
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56325 | — | < 1.3.0 | 1.3.0 | Apr 1, 2025 | Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\", | ||
| CVE-2024-39676 | — | >= 0.1, < 1.0.0 | 1.0.0 | Jul 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to pat |
- CVE-2024-56325Apr 1, 2025affected < 1.3.0fixed 1.3.0
Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",
- CVE-2024-39676Jul 24, 2024affected >= 0.1, < 1.0.0fixed 1.0.0
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to pat