
CVE-2023-34409
https://notcve.org/view.php?id=CVE-2023-34409
06 Jun 2023 — In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.
Reference: https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-7920
https://notcve.org/view.php?id=CVE-2020-7920
06 Feb 2020 — pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.
Reference: https://jira.percona.com/browse/PMM-5232
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')