Apache Pinot Vulnerability Allows Attackers to Bypass Authentication

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed.

The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.

Vulnerability Details

The vulnerability stems from improper neutralization of special elements in URIs handled by the AuthenticationFilter class.

According to Zero Day Initiative reports, the flaw enables attackers to bypass authentication mechanisms due to insufficient validation or sanitization of certain characters.

This means that authentication is not required to exploit the vulnerability, which significantly lowers the barrier for potential attackers.

The vulnerability has been assessed a CVSS score of 9.8, indicating its severity.

With attack vector listed as AV:N, exploitation can be achieved remotely over a network without requiring any privileges or user interaction.

Successful exploitation could grant attackers access to sensitive information and enable them to ...