CVE-2023-33189

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
pomeriumpomerium
𝑥
< 0.17.4
pomeriumpomerium
0.19.0 ≤
𝑥
< 0.19.2
pomeriumpomerium
0.21.0 ≤
𝑥
< 0.21.4
pomeriumpomerium
0.22.0 ≤
𝑥
< 0.22.2
pomeriumpomerium
0.18.0
pomeriumpomerium
0.20.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb
https://github.com/pomerium/pomerium/releases/tag/v0.17.4
https://github.com/pomerium/pomerium/releases/tag/v0.18.1
https://github.com/pomerium/pomerium/releases/tag/v0.19.2
https://github.com/pomerium/pomerium/releases/tag/v0.20.1
https://github.com/pomerium/pomerium/releases/tag/v0.21.4
https://github.com/pomerium/pomerium/releases/tag/v0.22.2
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb
https://github.com/pomerium/pomerium/releases/tag/v0.17.4
https://github.com/pomerium/pomerium/releases/tag/v0.18.1
https://github.com/pomerium/pomerium/releases/tag/v0.19.2
https://github.com/pomerium/pomerium/releases/tag/v0.20.1
https://github.com/pomerium/pomerium/releases/tag/v0.21.4
https://github.com/pomerium/pomerium/releases/tag/v0.22.2
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p