Apache Pinot Security Update Advisory (CVE-2024-39676)

Overview

 

Apache has released an update to address a vulnerability in Apache Pinot. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-39676

  • Apache Pinot versions: 0.1 (inclusive) ~ 1.0.0 (exclusive)

 

 

Resolved Vulnerabilities

 

Vulnerability that could allow an unauthorized user to disclose system information and settings via the /appconfigs path (CVE-2024-39676)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-39676

  • Apache Pinot version: 1.0.0

 

 

Referenced Sites

[1] CVE-2024-39676 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39676

[2] CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information

https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc

Article Link: Apache Pinot Security Update Advisory (CVE-2024-39676) – ASEC