org.apache.pinot:pinot-controller 0.9.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.pinot:pinot-controller package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
C Authentication Bypass Using an Alternate Path or Channel Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain `/` and contains `.`. An attacker can gain unauthorized access and perform actions with administrative privileges by crafting a malicious request that bypasses normal authentication checks. How to fix Authentication Bypass Using an Alternate Path or Channel? Upgrade `org.apache.pinot:pinot-controller` to version 1.3.0 or higher.	[,1.3.0)
H Information Exposure Affected versions of this package are vulnerable to Information Exposure through the `appconfigs` endpoint. Note: This is only exploitable if the Role-Based Access Control (RBAC) is not properly configured. How to fix Information Exposure? Upgrade `org.apache.pinot:pinot-controller` to version 1.0.0 or higher.	[0.1,1.0.0)
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation in unprotected environments due to a groovy function support. How to fix Improper Input Validation? Upgrade `org.apache.pinot:pinot-controller` to version 0.11.0 or higher.	[0,0.11.0)

Vulnerability

Vulnerable Version

Authentication Bypass Using an Alternate Path or Channel

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain / and contains .. An attacker can gain unauthorized access and perform actions with administrative privileges by crafting a malicious request that bypasses normal authentication checks.

How to fix Authentication Bypass Using an Alternate Path or Channel?

Upgrade org.apache.pinot:pinot-controller to version 1.3.0 or higher.

[,1.3.0)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure through the appconfigs endpoint.

Note: This is only exploitable if the Role-Based Access Control (RBAC) is not properly configured.

How to fix Information Exposure?

Upgrade org.apache.pinot:pinot-controller to version 1.0.0 or higher.

[0.1,1.0.0)

Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation in unprotected environments due to a groovy function support.

How to fix Improper Input Validation?

Upgrade org.apache.pinot:pinot-controller to version 0.11.0 or higher.

[0,0.11.0)

org.apache.pinot:pinot-controller@0.9.0 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?