exploitDog

CVE-2023-34409

Published: 06 Jun 2023
Source: nvd
CVSS3: 9.8
EPSS: Low

Description

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly normalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes, leading to escalation of privileges and information disclosure. The affected range is 2.x before 2.37.1; 2.37.1 is the first fixed release.
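The flaw class above (CWE-22 applied to an authentication gate) is easiest to see side by side: an allow-list check that looks at the raw request path can be satisfied by a public prefix followed by dot-segments that climb into a protected route, while a check on the normalized path cannot. The Go program below is an added illustration written for this page; it is not PMM's auth_server.go, and the route names (`/v1/readyz`, `/v1/Updates/Check`, `/v1/management/Nodes/List`) and request-targets are constructed for the demo.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// publicPrefixes is a constructed, hypothetical allow-list of routes that
// may be reached without authentication. These are not PMM's real routes.
var publicPrefixes = []string{
	"/v1/readyz",
	"/v1/Updates/Check",
}

// vulnerableIsPublic mirrors the flawed pattern: it matches the path exactly
// as the client sent it, so any request whose path merely starts with a
// public prefix is waved through, even if later ".." segments climb out of it.
func vulnerableIsPublic(rawPath string) bool {
	for _, pub := range publicPrefixes {
		if strings.HasPrefix(rawPath, pub) {
			return true
		}
	}
	return false
}

// normalizePath resolves "." and ".." segments and collapses duplicate
// slashes, producing the path a router or backend would actually dispatch
// on. A leading slash is enforced so ".." can never escape the root.
func normalizePath(rawPath string) string {
	if !strings.HasPrefix(rawPath, "/") {
		rawPath = "/" + rawPath
	}
	return path.Clean(rawPath)
}

// hardenedIsPublic decides on the normalized path and only accepts an exact
// match or a proper sub-path (prefix followed by "/"), so "/v1/readyzz"
// does not inherit the exemption granted to "/v1/readyz".
func hardenedIsPublic(rawPath string) bool {
	p := normalizePath(rawPath)
	for _, pub := range publicPrefixes {
		if p == pub || strings.HasPrefix(p, pub+"/") {
			return true
		}
	}
	return false
}

// authorize models the middleware decision for one request-target. It parses
// the target the way net/http does (u.Path is percent-decoded, so "%2e%2e"
// is already ".." by the time we look at it) and returns whether the request
// would skip authentication plus the path the backend would serve.
func authorize(requestURI string, normalized bool) (skipAuth bool, target string, err error) {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return false, "", err
	}
	target = normalizePath(u.Path)
	if normalized {
		return hardenedIsPublic(u.Path), target, nil
	}
	return vulnerableIsPublic(u.Path), target, nil
}

func main() {
	// Constructed request-targets; the protected route name is hypothetical.
	requests := []string{
		"/v1/readyz",
		"/v1/Updates/Check/../../../v1/management/Nodes/List",
		"/v1/Updates/Check/%2e%2e/%2e%2e/%2e%2e/v1/management/Nodes/List",
	}
	for _, r := range requests {
		v, target, _ := authorize(r, false)
		h, _, _ := authorize(r, true)
		fmt.Printf("%-64s -> serves %-28s raw-check skipAuth=%-5v normalized-check skipAuth=%v\n",
			r, target, v, h)
	}
}
```

The practical check is that the gate and the dispatcher must agree on the path: normalize once, with the same rules the router uses, and authorize on that result. If the router decodes or cleans differently from the auth layer (for example around encoded slashes or trailing-slash handling), the two will still disagree and a crafted path can slip between them.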

Vulnerable configurations

Configuration 1
cpe:2.3:a:percona:monitoring_and_management:*:*:*:*:*:*:*:*
Version from 2.0.0 (inclusive) up to 2.37.1 (exclusive)

EPSS: 0.03466 (percentile 87%), rated Low

CVSS3: 9.8 Critical

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 9.8
github
more than 2 years ago