PT-2024-28615 · Apache · Apache Pinot

Xun Bai · Published 2024-07-24 · Updated 2024-09-01 · CVE-2024-39676

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache Pinot versions 0.1 through 1.0.0

Description: The issue affects Apache Pinot and allows sensitive information to be exposed to unauthorized actors. A request to the /appconfigs path can disclose system information, environment information, and Pinot configuration. The issue was addressed by implementing Role-based Access Control (RBAC), which provides access control for the /appConfigs endpoint and other APIs and restricts access to authorized users only.

Recommendations: Upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Additionally, add the admin role as described in the RBAC guide to control access to the /appconfigs endpoint.
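Because the fix is an access-control change rather than removal of the endpoint, a defender will want to know whether /appconfigs was reachable without authentication before RBAC was configured. The script below is an added example, not part of this advisory and not Pinot's own code: it parses reverse-proxy access logs in Common Log Format (an assumption about the deployment; Pinot's own controller logging is not modelled here), matches the endpoint case-insensitively (the advisory spells it both /appconfigs and /appConfigs), and separates unauthenticated successful responses from authenticated ones and from denials. The sample log lines are constructed for the example.

```python
"""Flag requests to the Apache Pinot controller's /appconfigs endpoint in
reverse-proxy access logs (added example; CLF format and sample lines are
constructed assumptions, not taken from the advisory or from Pinot)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample traffic in Common Log Format. The third field is the
# authenticated user as the proxy saw it ('-' means no authenticated user).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jul/2024:10:01:02 +0000] "GET /appconfigs HTTP/1.1" 200 5321
10.0.0.5 - - [24/Jul/2024:10:01:03 +0000] "GET /tables HTTP/1.1" 200 812
203.0.113.9 - - [24/Jul/2024:10:02:10 +0000] "GET /appConfigs HTTP/1.1" 200 5321
203.0.113.9 - admin [24/Jul/2024:10:03:11 +0000] "GET /appconfigs HTTP/1.1" 200 5321
203.0.113.9 - - [24/Jul/2024:10:04:12 +0000] "GET /appconfigs?pretty HTTP/1.1" 403 120
10.0.0.7 - - [24/Jul/2024:10:05:13 +0000] "GET /help HTTP/1.1" 200 2048
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


@dataclass
class AppConfigsRequest:
    ip: str
    user: Optional[str]   # None when the proxy recorded no authenticated user
    ts: str
    path: str
    status: int
    outcome: str          # 'unauthenticated_success', 'authenticated_success' or 'denied'


def parse_clf_line(line: str) -> Optional[dict]:
    """Parse one CLF line; return None for lines that do not match the format."""
    m = CLF_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['user'] = None if rec['user'] == '-' else rec['user']
    rec['status'] = int(rec['status'])
    return rec


def is_appconfigs_path(path: str) -> bool:
    """True for /appconfigs in any letter case, ignoring query string and trailing slash."""
    bare = path.split('?', 1)[0].rstrip('/')
    return bare.lower() == '/appconfigs'


def classify(user: Optional[str], status: int) -> str:
    if 200 <= status < 300:
        return 'authenticated_success' if user else 'unauthenticated_success'
    return 'denied'


def find_appconfigs_requests(log_text: str) -> List[AppConfigsRequest]:
    """Return every /appconfigs request in the log, classified by outcome."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_clf_line(line)
        if rec is None or not is_appconfigs_path(rec['path']):
            continue
        hits.append(AppConfigsRequest(
            ip=rec['ip'], user=rec['user'], ts=rec['ts'], path=rec['path'],
            status=rec['status'], outcome=classify(rec['user'], rec['status']),
        ))
    return hits


def summarize(hits: List[AppConfigsRequest]) -> Dict[str, int]:
    """Count requests per outcome; unauthenticated successes are the exposures."""
    counts = {'unauthenticated_success': 0, 'authenticated_success': 0, 'denied': 0}
    for h in hits:
        counts[h.outcome] += 1
    return counts


if __name__ == '__main__':
    found = find_appconfigs_requests(SAMPLE_LOG)
    for h in found:
        print(f"{h.ts}  {h.ip:<12} user={h.user or '-':<6} {h.status}  {h.path}  -> {h.outcome}")
    print(summarize(found))
```

An 'unauthenticated_success' entry means the endpoint answered with a 2xx to a request the proxy could not attribute to any principal, which is the condition the advisory describes; an 'authenticated_success' entry still deserves a check that the principal actually holds the admin role after RBAC is configured. The user field only reflects credentials the proxy itself understood, so if Pinot performs its own token authentication behind the proxy, the same request may be authenticated at Pinot and still show '-' here.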

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-39676
GHSA-8GJ9-R4HV-3JJW

Affected Products

Apache Pinot