Lucene search

[email protected]NVD:CVE-2023-34409

HistoryJun 06, 2023 - 8:15 p.m.

CVE-2023-34409

2023-06-0620:15:14

CWE-22

[email protected]

web.nvd.nist.gov

percona monitoring and management

pmm

server vulnerability

authenticate function

url paths

path traversal

unauthenticated remote user

crafted post request

api routes

escalation of privileges

information disclosure

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.

Affected configurations

Nvd

Node

perconamonitoring_and_managementRange2.0.0–2.37.1

VendorProductVersionCPE
perconamonitoring_and_management*cpe:2.3:a:percona:monitoring_and_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
percona	monitoring_and_management	*	cpe:2.3:a:percona:monitoring_and_management::::::::

References

www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

65.4%

JSON

Related for NVD:CVE-2023-34409

cve1 cvelist1 prion1