CVE-2023-33189

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33189
Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb Patch
https://github.com/pomerium/pomerium/releases/tag/v0.17.4 Release Notes
https://github.com/pomerium/pomerium/releases/tag/v0.18.1 Release Notes
https://github.com/pomerium/pomerium/releases/tag/v0.19.2 Release Notes
https://github.com/pomerium/pomerium/releases/tag/v0.20.1 Release Notes
https://github.com/pomerium/pomerium/releases/tag/v0.21.4 Release Notes
https://github.com/pomerium/pomerium/releases/tag/v0.22.2 Release Notes
https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:0.20.0:*:*:*:*:*:*:*
History

05 Jun 2023, 17:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:0.18.0:*:*:*:*:*:*:*
cpe:2.3:a:pomerium:pomerium:0.20.0:*:*:*:*:*:*:*
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.19.2 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.19.2 - Release Notes
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.17.4 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.17.4 - Release Notes
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.21.4 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.21.4 - Release Notes
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.18.1 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.18.1 - Release Notes
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.20.1 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.20.1 - Release Notes
References (MISC) https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p - (MISC) https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p - Vendor Advisory
References (MISC) https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb - (MISC) https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb - Patch
References (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.22.2 - (MISC) https://github.com/pomerium/pomerium/releases/tag/v0.22.2 - Release Notes
CWE NVD-CWE-Other

30 May 2023, 06:16

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-30 06:16

Updated : 2024-02-04 23:37

NVD link : CVE-2023-33189

Mitre link : CVE-2023-33189

CVE.ORG link : CVE-2023-33189

JSON object : View

Products Affected

pomerium

  • pomerium
CWE
NVD-CWE-Other CWE-285

Improper Authorization