CVE-2023-33189

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33189

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33189.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33189

Aliases

Published

2023-05-30T05:39:45.132Z

Modified

2025-12-20T02:52:10.186670Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Incorrect Authorization with specially crafted requests

Details

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Database specific

{
    "cwe_ids": [
        "CWE-285"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33189.json"
}

References

Affected packages

Git / github.com/pomerium/pomerium

Affected ranges

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

0cc9da26cf5213848410c94e145d1c6991fa2da4

Fixed

6efd1d6bc9e5e406b92bb62e5e5fbf18aad6b7d2

Database specific

{
    "versions": [
        {
            "introduced": "0.22.0"
        },
        {
            "fixed": "0.22.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

3eaa60948c649588d0de37c4fabe3b2263865a7f

Fixed

84901e4e78427c8ca822fa753072d4bf0d43bd52

Database specific

{
    "versions": [
        {
            "introduced": "0.21.0"
        },
        {
            "fixed": "0.21.4"
        }
    ]
}

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

9413123c0f95990e50e66684704111f51a23e26c

Fixed

2bc2be793fa417a00073f40777962db9da610b08

Database specific

{
    "versions": [
        {
            "introduced": "0.20.0"
        },
        {
            "fixed": "0.20.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

33794ff3165e00808136d5b184b1d1ca949a871c

Fixed

d7a4d32505f40f25c0d8ae3de5e2e3527da21bb6

Database specific

{
    "versions": [
        {
            "introduced": "0.19.0"
        },
        {
            "fixed": "0.19.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

89a105c8e6478196cb9dd40371749c339d274f10

Fixed

f2c44f411e6382289d8923d07419f9513a5d333d

Database specific

{
    "versions": [
        {
            "introduced": "0.18.0"
        },
        {
            "fixed": "0.18.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/pomerium/pomerium

Events

Introduced

Fixed

0d34e3d00c16d0e951e6e18f1992531cc10c96c6

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.17.4"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.10.0

v0.10.0-rc1

v0.10.0-rc2

v0.10.0-rc3

v0.11.0

v0.11.0-rc1

v0.11.0-rc2

v0.12.0

v0.14.0

v0.14.0-rc2

v0.15.0

v0.15.6

v0.16.0

v0.17.0

v0.17.1

v0.17.2

v0.17.3

v0.18.0

v0.19.0

v0.19.1

v0.2.0

v0.20.0

v0.21.0

v0.21.1

v0.21.2

v0.21.3

v0.22.0

v0.22.1

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.7.1

v0.7.2

v0.8.0

v0.9.0