CVE-2023-33189

Summary

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Affected Software

VendorProductVersion RangeStatus
pomeriumpomerium>= 0.22.0, < 0.22.2affected
pomeriumpomerium>= 0.21.0, < 0.21.4affected
pomeriumpomerium>= 0.20.0, < 0.20.1affected
pomeriumpomerium>= 0.19.0, < 0.19.2affected
pomeriumpomerium>= 0.18.0, < 0.18.1affected
pomeriumpomerium< 0.17.4affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References