Overview
Apache has released an update to address a vulnerability in Apache Pinot. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39676
- Apache Pinot versions: 0.1 (inclusive) ~ 1.0.0 (exclusive)
Resolved Vulnerabilities
Vulnerability that could allow an unauthorized user to disclose system information and settings via the /appconfigs path (CVE-2024-39676)
Vulnerability Patches
Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-39676
- Apache Pinot version: 1.0.0
Referenced Sites
[1] CVE-2024-39676 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39676
[2] CVE-2024-39676: Apache Pinot: Unauthorized endpoint exposed sensitive information
https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc
Article Link: Apache Pinot Security Update Advisory (CVE-2024-39676) – ASEC