Pomerium Incorrect Authorization Decision Vulnerability

Pomerium Incorrect Authorization Decision Vulnerability

CVE-2023-33189 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Learn more about our Web Application Penetration Testing UK.