CVE-2024-47616: Pomerium service account access token may grant unintended access to databroker API
We’ve identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments.
References
- github.com/advisories/GHSA-r7rh-jww5-5fjr
- github.com/pomerium/pomerium
- github.com/pomerium/pomerium/commit/e018cf0fc0979d2abe25ff705db019feb7523444
- github.com/pomerium/pomerium/releases/tag/v0.27.1
- github.com/pomerium/pomerium/security/advisories/GHSA-r7rh-jww5-5fjr
- nvd.nist.gov/vuln/detail/CVE-2024-47616
- pkg.go.dev/vuln/GO-2024-3179