CVE-2023-33189

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33189

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33189.json

Aliases

GHSA-pvrc-wvj2-f59p

Published

2023-05-30T06:16:37Z

Modified

2023-11-29T10:05:55.877135Z

Details

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

References

Affected packages

Git / github.com/pomerium/pomerium

Affected ranges

Type: GIT
Repo: https://github.com/pomerium/pomerium
Events: Introduced

0The exact introduced commit is unknown

Fixed

d315e683357a9b587ba9ef399a8813bcc52fdebb

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.10.0

v0.10.0-rc1

v0.10.0-rc2

v0.10.0-rc3

v0.11.0

v0.11.0-rc1

v0.11.0-rc2

v0.12.0

v0.14.0

v0.14.0-rc2

v0.15.0

v0.15.6

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.20.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.9.0