Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NPomerium
APPPomerium0.18.00.20.0< 0.17.40.19.0 – 0.19.2 (bez)0.21.0 – 0.21.4 (bez)0.22.0 – 0.22.2 (bez)
Related vulnerabilities
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles...
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two author...
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally term...
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (...
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service expos...