Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:percona:monitoring_and_management:2.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-34409 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. Published: June 06, 2023; 4:15:14 PM -0400 | V3.1: 9.8 CRITICAL; V2.0: (not available) |