CVE-2022-23974
Last modified
CVE-2022-23974 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. EPSS estimates a 2.00% chance of exploitation in the next 30 days.
Description
In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Pinot | < 0.10.0 |
References
- https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwrMailing List, Release Notes, Vendor Advisory
- https://lists.apache.org/thread/3dk8pf1n02p8oj2j3czbtchyjsf8khwrMailing List, Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23974?
How severe is CVE-2022-23974?
How do I fix CVE-2022-23974?
Are you affected by CVE-2022-23974?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST