Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
References
Link | Resource |
---|---|
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb | Patch |
https://github.com/pomerium/pomerium/releases/tag/v0.17.4 | Release Notes |
https://github.com/pomerium/pomerium/releases/tag/v0.18.1 | Release Notes |
https://github.com/pomerium/pomerium/releases/tag/v0.19.2 | Release Notes |
https://github.com/pomerium/pomerium/releases/tag/v0.20.1 | Release Notes |
https://github.com/pomerium/pomerium/releases/tag/v0.21.4 | Release Notes |
https://github.com/pomerium/pomerium/releases/tag/v0.22.2 | Release Notes |
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Jun 2023, 17:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p - Vendor Advisory | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.21.4 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.17.4 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.20.1 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.22.2 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.19.2 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.18.1 - Release Notes | |
References | (MISC) https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb - Patch | |
First Time |
Pomerium pomerium
Pomerium |
|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:* cpe:2.3:a:pomerium:pomerium:0.18.0:*:*:*:*:*:*:* cpe:2.3:a:pomerium:pomerium:0.20.0:*:*:*:*:*:*:* |
30 May 2023, 06:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 06:16
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33189
Mitre link : CVE-2023-33189
CVE.ORG link : CVE-2023-33189
JSON object : View
Products Affected
pomerium
- pomerium
CWE