CVE-2023-33189

EUVD-2023-1604
Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
GitHub_MCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
pomeriumpomerium
𝑥
< 0.17.4
pomeriumpomerium
0.19.0 ≤
𝑥
< 0.19.2
pomeriumpomerium
0.21.0 ≤
𝑥
< 0.21.4
pomeriumpomerium
0.22.0 ≤
𝑥
< 0.22.2
pomeriumpomerium
0.18.0
pomeriumpomerium
0.20.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb
https://github.com/pomerium/pomerium/releases/tag/v0.17.4
https://github.com/pomerium/pomerium/releases/tag/v0.18.1
https://github.com/pomerium/pomerium/releases/tag/v0.19.2
https://github.com/pomerium/pomerium/releases/tag/v0.20.1
https://github.com/pomerium/pomerium/releases/tag/v0.21.4
https://github.com/pomerium/pomerium/releases/tag/v0.22.2
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb
https://github.com/pomerium/pomerium/releases/tag/v0.17.4
https://github.com/pomerium/pomerium/releases/tag/v0.18.1
https://github.com/pomerium/pomerium/releases/tag/v0.19.2
https://github.com/pomerium/pomerium/releases/tag/v0.20.1
https://github.com/pomerium/pomerium/releases/tag/v0.21.4
https://github.com/pomerium/pomerium/releases/tag/v0.22.2
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p