CRITICAL🇬🇧 English

CVE-2023-33189

CVSS 10.0v3.1pub. 2023-05-30upd. 2024-11-21

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Pomerium

    APP
    Pomerium
    0.18.00.20.0< 0.17.40.19.0 – 0.19.2 (bez)0.21.0 – 0.21.4 (bez)0.22.0 – 0.22.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-39204HIGH7.5ten sam produkt

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles...

CVE-2021-39206HIGH8.6ten sam produkt

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two author...

CVE-2021-39162HIGH8.6ten sam produkt

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally term...

CVE-2024-39315MEDIUM5.7ten sam produkt

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (...

CVE-2022-24797MEDIUM6.5ten sam produkt

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service expos...