Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Percona Monitoring and Management 路径遍历漏洞
Vulnerability Description
Percona Monitoring and Management是美国Percona公司的一个开源数据库监控解决方案。 Percona Monitoring and Management server 2.37.1之前的2.x版本存在安全漏洞,该漏洞源于auth_server.go中的身份验证功能没有正确地形式化和清理URL路径以拒绝路径遍历尝试。
CVSS Information
N/A
Vulnerability Type
N/A