CVE-2023-33189
Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium
10.0
CRITICAL
CVSS 3.1
EPSS 0.58%
Description
Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium
How to fix CVE-2023-33189
To remediate CVE-2023-33189, upgrade the affected package to a fixed version below.
- Go/github.com/pomerium/pomerium—upgrade to 0.22.2 or later
- —upgrade to 0.17.4 or later
Is CVE-2023-33189 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 0.22.0, < 0.22.2
- from 0, < 0.17.4, >= 0.18.0, < 0.18.1, >= 0.19.0, < 0.19.2, >= 0.20.0, < 0.20.1, >= 0.21.0, < 0.21.4, >= 0.22.0, < 0.22.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |