3 matches found
CVE-2020-7920
PMM PMM-Server 2.2.x is affected by CVE-2020-7920 and before-2.2.1, allowing unauthenticated denial of service. The vulnerability affects the pmm-server component within Percona Monitoring and Management; no root-cause details are provided in the sources beyond the generic DoS description. Remedi...
CVE-2023-34409
Summary: CVE-2023-34409 affects Percona Monitoring and Management (PMM) server 2.x up to 2.37.1. The vulnerability stems from the authenticate function in auth_server.go, which does not properly formalize or sanitize URL paths to reject path traversal. This allows an unauthenticated remote user t...
CVE-2026-25212
Percona PMM prior to 3.7 is affected. An internal database user with superuser privileges can leverage the pmm-admin authenticated Add data source flow to break out of the database context and run shell commands on the underlying OS. This is evidenced in multiple sources (e.g., Percona release no...