4 matches found
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make...
CVE-2021-41230
creationtimestamp| type| source ---|---|--- 2021-11-06 01:26:13+00:00| seen| https://t.me/cibsecurity/31921...
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make...
CVE-2021-41230
Pomerium (open source identity-aware access proxy) is affected when using allowed_idp_claims: changes to a user’s OIDC claims after initial login may not be reflected in policy evaluation, causing incorrect authorization decisions. The issue has been fixed in v0.15.6. For users who cannot upgrade...