Lucene search
GitHub Advisory DatabaseGHSA-FV82-R8QV-CH4VHistoryMay 21, 2021 - 4:24 p.m.
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
2021-05-2116:24:22
CWE-601
GitHub Advisory Database
github.com
43
0.001 Low
EPSS
Percentile
33.6%
Impact
Some API endpoints under /.pomerium/ do not verify parameters with pomerium_signature. This could allow modifying parameters intended to be trusted to Pomerium.
The issue mainly affects routes responsible for sign in/out, but does not introduce an authentication bypass.
Specific Go Packages Affected
github.com/pomerium/pomerium/authenticate
Patches
Patched in v0.13.4
For more information
If you have any questions or comments about this advisory
- Open an issue in pomerium
- Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/pomerium/pomerium | lt | 0.13.4 |
Related
osv
osv
CVE-2021-29652
2021-04-02 14:15:13
veracode
veracode
Open Redirection
2021-04-05 04:23:24
cve
cve
CVE-2021-29652
2021-04-02 14:15:00
prion
prion
Open redirect
2021-04-02 14:15:00
cvelist
cvelist
CVE-2021-29652
2021-04-02 13:58:34