cvebase

Percona Monitoring And Management vulnerabilities

4 known vulnerabilities affecting percona/monitoring_and_management.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1

Vulnerabilities

CVE-2026-25212 | P2 | CRITICAL | CVSS 9.9 | fixed in 3.7.0 | 2026-04-02
CWE-250: An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
Source: nvd

CVE-2023-34409 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.0.0, < 2.37.1 | 2023-06-06
CWE-22: In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API r
Source: nvd

CVE-2025-26701 | P3 | CRITICAL | CVSS 10.0 | ≥ 2.38, < 2.42.0-1.ova; ≥ 2.43.0, < 2.43.0-1.ova; +4 more | 2025-03-11
CWE-1393: An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and 2.44.0-1.ova and in PMM3 3.0.0-1.ova and later.
Source: nvd

CVE-2020-7920 | P3 | HIGH | CVSS 7.5 | ≥ 2.2.0, < 2.2.1 | 2020-02-06
CWE-835: pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service.
Source: nvd