CVE-2023-33189: Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Impact
With specially crafted requests, incorrect authorization decisions may be made by Pomerium.
Patches
We are releasing patch fixes to address this vulnerability going back to v0.17.X. Please upgrade to:
- v0.22.2
- v0.21.4
- v0.20.1
- v0.19.2
- v0.18.1
- v0.17.4
For more information
If you have any questions or comments about this advisory:
- Open an issue in pomerium/pomerium
- Email us at security@pomerium.com