CVE-2023-33189

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33189
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33189.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33189
Aliases
Published
2023-05-30T05:39:45.132Z
Modified
2025-11-19T20:03:01.196718Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Incorrect Authorization with specially crafted requests
Details

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Database specific 
{
    "cwe_ids": [
        "CWE-285"
    ]
}
References

Affected packages

Git / github.com/pomerium/pomerium

Affected ranges

Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
0cc9da26cf5213848410c94e145d1c6991fa2da4
Fixed
6efd1d6bc9e5e406b92bb62e5e5fbf18aad6b7d2
Database specific 
{
    "versions": [
        {
            "introduced": "0.22.0"
        },
        {
            "fixed": "0.22.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
3eaa60948c649588d0de37c4fabe3b2263865a7f
Fixed
84901e4e78427c8ca822fa753072d4bf0d43bd52
Database specific 
{
    "versions": [
        {
            "introduced": "0.21.0"
        },
        {
            "fixed": "0.21.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
9413123c0f95990e50e66684704111f51a23e26c
Fixed
2bc2be793fa417a00073f40777962db9da610b08
Database specific 
{
    "versions": [
        {
            "introduced": "0.20.0"
        },
        {
            "fixed": "0.20.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
33794ff3165e00808136d5b184b1d1ca949a871c
Fixed
d7a4d32505f40f25c0d8ae3de5e2e3527da21bb6
Database specific 
{
    "versions": [
        {
            "introduced": "0.19.0"
        },
        {
            "fixed": "0.19.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
89a105c8e6478196cb9dd40371749c339d274f10
Fixed
f2c44f411e6382289d8923d07419f9513a5d333d
Database specific 
{
    "versions": [
        {
            "introduced": "0.18.0"
        },
        {
            "fixed": "0.18.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/pomerium/pomerium
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0d34e3d00c16d0e951e6e18f1992531cc10c96c6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.17.4"
        }
    ]
}

Affected versions

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.1.0
v0.10.0
v0.10.0-rc1
v0.10.0-rc2
v0.10.0-rc3
v0.11.0
v0.11.0-rc1
v0.11.0-rc2
v0.12.0
v0.14.0
v0.14.0-rc2
v0.15.0
v0.15.6
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.17.3
v0.18.0
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.22.0
v0.22.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.7.1
v0.7.2
v0.8.0
v0.9.0