Apache Pinot CVE-2024-56325 Auth bypass #152
Conversation
|
Hello @joernNNN. Feel free to reach out |
| ARG PINOT_VERSION=1.2.0 | ||
|
|
||
| RUN apt update && apt install wget -y | ||
| RUN wget https://www.apache.org/dyn/closer.lua/pinot/apache-pinot-${PINOT_VERSION}/apache-pinot-${PINOT_VERSION}-bin.tar.gz?action=download -O apache-pinot-${PINOT_VERSION}-bin.tar.gz |
There was a problem hiding this comment.
@leonardo-doyensec
This line is the issue. At the time I was building this image, the download speed was unlimited, and I built the image quickly. However, now, even on a powerful server, I'm experiencing a very low download speed.
There was a problem hiding this comment.
Hi @joernNNN,
I suggest downloading the software from Docker. You can use the official Pinot base as follows:
docker-compose.yml
services:
pinot:
image: apachepinot/pinot:${PINOT_VERSION:-1.2.0}
container_name: pinot
working_dir: /opt/pinot
volumes:
- ./controller.conf:/opt/pinot/controller.conf:ro
- ./broker.conf:/opt/pinot/broker.conf:ro
- ./server.conf:/opt/pinot/server.conf:ro
- ./minion.conf:/opt/pinot/minion.conf:ro
- ./start-pinot.sh:/opt/pinot/start-pinot.sh:ro
entrypoint: "/opt/pinot/start-pinot.sh"
ports:
- "9000:9000"
- "8099:8099"
- "8098:8098"
- "8097:8097"Then, update the README to use:
PINOT_VERSION=1.3.0 docker compose up -d # Safe
PINOT_VERSION=1.2.0 docker compose up -d # VulnThis way, the Dockerfile is no longer needed. Please verify whether the configuration files are still required and remove any that are superfluous. Thank you.
google/tsunami-security-scanner-plugins#621
google/tsunami-security-scanner-plugins#683