Home > Vulnerability Database > CVE-2023-33189

Mend.io Vulnerability Database

CVE-2023-33189

Good to know:

Date: May 30, 2023

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

Language: Go

Severity Score

10.0

Related Resources (11)

Url: https://github.com/pomerium/pomerium

Url: https://github.com/pomerium/pomerium/commit/d315e683357a9b587ba9ef399a8813bcc52fdebb

Url: https://github.com/pomerium/pomerium/releases/tag/v0.22.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33189

Url: https://github.com/pomerium/pomerium/releases/tag/v0.21.4

Url: https://github.com/pomerium/pomerium/security/advisories/GHSA-pvrc-wvj2-f59p

Url: https://github.com/pomerium/pomerium/releases/tag/v0.20.1

Url: https://github.com/pomerium/pomerium/releases/tag/v0.18.1

Url: https://github.com/pomerium/pomerium/releases/tag/v0.17.4

Url: https://github.com/pomerium/pomerium/releases/tag/v0.19.2

Url: https://www.mend.io/vulnerability-database/CVE-2023-33189

Severity Score

10.0

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version github.com/pomerium/pomerium - v0.22.2;github.com/pomerium/pomerium - v0.21.4;github.com/pomerium/pomerium - v0.20.1;github.com/pomerium/pomerium - v0.19.2;github.com/pomerium/pomerium - v0.18.1;github.com/pomerium/pomerium - v0.17.4

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33189

Good to know:

Date: May 30, 2023

Language: Go

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?