Percona Monitoring and Management 2.37.1
| Release date: | Jun 5, 2023 |
|---|---|
| Installation: | Installing Percona Monitoring and Management |
Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB.
⚠️ Important
We recommend using the latest version of PMM. This ensures that you have access to the latest PMM features and that your environment runs on the latest version of the underlying components, such as VictoriaMetrics, with all the bug fixes in place.
Release Highlights
We have identified and fixed CVE-2023-34409 in PMM 2.37.1:
PMM-12182: PMM authentication bypass vulnerability
Workaround
If you are unable to update PMM you can resolve this issue as follows:
-
Make changes to the NGINX configuration on the running PMM instance. To do so, create a Bash script with the code from this script on GitHub.
-
Apply the code using this
dockercommand on a server running the PMM Docker container (as root or using sudo):docker exec -it pmm-server bash -c 'curl -fsSL https://raw.githubusercontent.com/percona/pmm/main/scripts/authfix.sh | /bin/bash '
-
If you are running PMM via a virtual appliance (OVF or AMI), use SSH to shell into the PMM server and run this command:
curl -fsSL https://raw.githubusercontent.com/percona/pmm/main/scripts/authfix.sh | /bin/bash
For more details see, blogpost.