The following vulnerability was published for pcp.
CVE-2024-3019[0]:
| A flaw was found in PCP. The default pmproxy configuration exposes
| the Redis server backend to the local network, allowing remote
| command execution with the privileges of the Redis user. This issue
| can only be exploited when pmproxy is running. By default, pmproxy
| is not running and needs to be started manually. The pmproxy service
| is usually started from the 'Metrics settings' page of the Cockpit
| web interface. This flaw affects PCP versions 4.3.4 and newer.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.