CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26701
https://notcve.org/view.php?id=CVE-2025-26701
11 Mar 2025 — An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later. • https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm • CWE-1393: Use of Default Password •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2023-34409
https://notcve.org/view.php?id=CVE-2023-34409
06 Jun 2023 — In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. • https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7920
https://notcve.org/view.php?id=CVE-2020-7920
06 Feb 2020 — pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. pmm-server en Percona Monitoring and Management (PMM) versiones 2.2.x anteriores a 2.2.1, permite una denegación de servicio no autenticada. • https://jira.percona.com/browse/PMM-5232 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •