Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pomerium Security Vulnerabilities

cve
cve

CVE-2021-29651

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).

6.1CVSS

6.2AI Score

0.001EPSS

2021-04-02 02:15 PM
28
cve
cve

CVE-2021-29652

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process

6.1CVSS

6.2AI Score

0.001EPSS

2021-04-02 02:15 PM
27
cve
cve

CVE-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary w...

8.6CVSS

8.3AI Score

0.001EPSS

2021-09-09 10:15 PM
34
cve
cve

CVE-2021-39204

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions...

7.5CVSS

7.3AI Score

0.001EPSS

2021-09-09 10:15 PM
29
cve
cve

CVE-2021-39206

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authoriza...

8.6CVSS

8.3AI Score

0.002EPSS

2021-09-09 11:15 PM
32
cve
cve

CVE-2021-41230

Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can mak...

8.8CVSS

8.5AI Score

0.001EPSS

2021-11-05 11:15 PM
31
cve
cve

CVE-2022-24797

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issu...

9.1CVSS

8.8AI Score

0.002EPSS

2022-03-31 11:15 PM
61
cve
cve

CVE-2023-33189

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.

10CVSS

9.3AI Score

0.006EPSS

2023-05-30 06:16 AM
72
cve
cve

CVE-2024-39315

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...

5.7CVSS

5.3AI Score

0.0004EPSS

2024-07-02 08:15 PM
18