Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
{
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-285"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33189.json"
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.17.4"
},
{
"introduced": "0.19.0"
},
{
"fixed": "0.19.2"
},
{
"introduced": "0.21.0"
},
{
"fixed": "0.21.4"
},
{
"introduced": "0.22.0"
},
{
"fixed": "0.22.2"
},
{
"introduced": "0.18.0"
},
{
"last_affected": "0.18.0"
},
{
"introduced": "0.20.0"
},
{
"last_affected": "0.20.0"
}
],
"cpe": [
"cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*",
"cpe:2.3:a:pomerium:pomerium:0.18.0:*:*:*:*:*:*:*",
"cpe:2.3:a:pomerium:pomerium:0.20.0:*:*:*:*:*:*:*"
]
}