Vulnerability in PMM Open Virtual Appliance (OVA) installations

Hello folks, I’ve seen the new 2.44.0-1 release for PMM2 (PMM 2.44.0-1 - Percona Monitoring and Management).
This vulnerability sounds scary, so I want to ask if there is anything I need to worry about if my PMM is deployed using the following configuration:

Network: private VPC, no internet-facing traffic to the DB infrastructure on the firewall side.
Server: EC2 with PMM 2.43.0 deployed in Docker
Clients: EC2 with pmm-client 2.43.0 installed as a deb package.

Thanks in advance.

Hey @Stateros,
The docs page you linked does not explicitly state it, but our press release does: this CVE does not affect Docker-based installs. It only pertains to OVA installs.

Hi @matthewb, thank you very much for confirming.

Thanks for asking too @Stateros! I’ve passed this on to our docs team to tweak the Release Notes as well to help the next person!