An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
An internal database user in PMM possesses excessive superuser privileges. An attacker with pmm-admin rights can exploit the 'Add data source' feature (adding a data source) to abuse these privileges. Through a specially crafted request, it is possible to escape the isolated database context and execute system commands (RCE) at the operating system level.
An attacker can execute arbitrary shell commands on the server hosting Percona PMM, leading to full system compromise — including access to sensitive data, configuration modification, and potential lateral movement within the network.
Percona PMM should be updated to version 3.7.0 or later, in which the described vulnerability has been removed. Patch details are available in the official release notes at the address indicated in the vendor references.
Percona Monitoring and Management (PMM) in versions prior to 3.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HPercona Monitoring And Management
APPPercona< 3.7.0
Related vulnerabilities
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server....
pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of serv...
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` all...
An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the...
The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset...