CVE-2023-33189

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33189

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33189.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33189

Aliases

Published

2023-05-30T05:39:45.132Z

Modified

2026-04-26T03:48:27.789427Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Incorrect Authorization with specially crafted requests

Details

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-285"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33189.json"
}

References

Affected packages

Git / github.com/pomerium/pomerium

Affected ranges

Type: GIT
Repo: https://github.com/pomerium/pomerium
Events: Introduced

89a105c8e6478196cb9dd40371749c339d274f10

Fixed

0d34e3d00c16d0e951e6e18f1992531cc10c96c6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33189.json"