CVE-2023-33189

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Published: May 30, 2023
Updated: May 9, 2024
CVE: CVE-2023-33189
GHSA: GHSA-pvrc-wvj2-f59p
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-285

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
github.com/pomerium/pomerium	0.22.0	0.22.2
github.com/pomerium/pomerium	0.21.0	0.21.4
github.com/pomerium/pomerium	0.20.0	0.20.1
github.com/pomerium/pomerium	0.19.0	0.19.2
github.com/pomerium/pomerium	0.18.0	0.18.1
github.com/pomerium/pomerium	-	0.17.4
pomerium / pomerium	-	0.17.4
pomerium / pomerium	0.22.0	0.22.2
pomerium / pomerium	0.21.0	0.21.4
pomerium / pomerium	0.20.0	0.20.0.x
pomerium / pomerium	0.19.0	0.19.2
pomerium / pomerium	0.18.0	0.18.0.x

https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb
https://github.com/pomerium/pomerium/releases/tag/v0.17.4
https://github.com/pomerium/pomerium/releases/tag/v0.18.1
https://github.com/pomerium/pomerium/releases/tag/v0.19.2
https://github.com/pomerium/pomerium/releases/tag/v0.20.1
https://github.com/pomerium/pomerium/releases/tag/v0.21.4
https://github.com/pomerium/pomerium/releases/tag/v0.22.2
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p

Vulnerability Database

289,599

CVE-2023-33189