5 matches found
CVE-2022-24797
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...
CVE-2022-24797
creationtimestamp| type| source ---|---|--- 2022-04-01 02:18:57+00:00| seen| https://t.me/cibsecurity/39951...
CVE-2022-24797 Exposure of Sensitive Information in Pomerium
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...
CVE-2022-24797 Exposure of Sensitive Information in Pomerium
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...
CVE-2022-24797
CVE-2022-24797 affects Pomerium in distributed service mode, where the Authenticate service exposes pprof debug and Prometheus metrics endpoints to untrusted traffic. This can leak environmental information and cause limited denial of service. The issue is fixed in v0.17.1. Workarounds include bl...