← voltar
CVE-2023-33189

Incorrect Authorization with specially crafted requests

CVSS 10 CRITICALEPSS 0.9%CWE-285
Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Produtos afetados
pomerium · pomerium

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebbhttps://github.com/pomerium/pomerium/releases/tag/v0.17.4https://github.com/pomerium/pomerium/releases/tag/v0.18.1https://github.com/pomerium/pomerium/releases/tag/v0.19.2https://github.com/pomerium/pomerium/releases/tag/v0.20.1https://github.com/pomerium/pomerium/releases/tag/v0.21.4https://github.com/pomerium/pomerium/releases/tag/v0.22.2https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p