EUVD-2024-3127
Malicious code in bioql PyPI...
SUSE CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium servic...
GO-2024-3179 Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium
Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium...
CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium servic...
GHSA-R7RH-JWW5-5FJR Pomerium service account access token may grant unintended access to databroker API
Impact: We've identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments. Who is affected? A Pomerium deployment is susceptible to this issue if all of the...
CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium servic...
CVE-2024-47616
CVE-2024-47616 affects Pomerium's databroker service. Because the databroker API validated JWTs incompletely, it could accept unexpired service account tokens that were never meant to authorize databroker requests, enabling exfiltration of user info, session spoofing, or tampering with Pomerium routes, policies, and...
PT-2024-32675
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.27.1. Description: Pomerium is an identity and context-aware access proxy. The Pomerium databroker service manages all persistent Pomerium application state. Requests to the databroker service API are authorized by...
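The entries above describe the core of CVE-2024-47616: databroker API requests were authorized by the presence of a JWT signed with a key shared by all Pomerium services, and incomplete validation let a still-valid service account token, signed with that same key, pass as if it were an internal request. The following Go program is an added illustration of that token-confusion pattern, not Pomerium's code and not a description of Pomerium's actual fix. It mints minimal HS256 JWTs with a constructed shared key, then contrasts a check that only verifies signature and expiry with one that also pins issuer and audience; the issuer and audience strings, subjects and key material are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// sharedKey stands in for the signing key that every service in the deployment knows.
// Constructed for this example; not a real key.
var sharedKey = []byte("example-shared-signing-key")

// claims is the subset of registered JWT claims the checks below look at.
type claims struct {
	Issuer   string `json:"iss"`
	Subject  string `json:"sub"`
	Audience string `json:"aud"`
	Expiry   int64  `json:"exp"`
}

// Issuer and audience the databroker API expects. Hypothetical names for this example.
const (
	expectedIssuer   = "authorize-service"
	expectedAudience = "databroker-api"
)

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// mintHS256 builds a minimal HS256 JWT over c (demo helper, not a general JWT library).
func mintHS256(key []byte, c claims) string {
	header := b64([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, _ := json.Marshal(c)
	signingInput := header + "." + b64(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil))
}

// verifySignature checks that token is a well-formed HS256 JWT signed with key and returns
// its claims. On its own this is only the "a JWT signed by the shared key is present" check.
func verifySignature(key []byte, token string) (claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims{}, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return claims{}, errors.New("unsupported or malformed header")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return claims{}, errors.New("bad signature")
	}
	var c claims
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil {
		return claims{}, errors.New("malformed payload")
	}
	return c, nil
}

// authorizeWeak models the flawed pattern: any unexpired token signed with the shared key is
// accepted, so a service account token minted for a different purpose passes too.
func authorizeWeak(token string, now time.Time) bool {
	c, err := verifySignature(sharedKey, token)
	return err == nil && now.Unix() < c.Expiry
}

// authorizeStrict additionally pins issuer and audience, so the token must have been minted
// for the databroker API specifically; a valid signature alone is no longer sufficient.
func authorizeStrict(token string, now time.Time) bool {
	c, err := verifySignature(sharedKey, token)
	if err != nil || now.Unix() >= c.Expiry {
		return false
	}
	return c.Issuer == expectedIssuer && c.Audience == expectedAudience
}

func main() {
	now := time.Unix(1_700_000_000, 0)
	exp := now.Unix() + 3600
	internal := mintHS256(sharedKey, claims{Issuer: expectedIssuer, Subject: "proxy-1", Audience: expectedAudience, Expiry: exp})
	svcAccount := mintHS256(sharedKey, claims{Issuer: "authenticate-service", Subject: "ci-bot", Audience: "service-account", Expiry: exp})
	fmt.Println("internal token   weak:", authorizeWeak(internal, now), "strict:", authorizeStrict(internal, now))
	fmt.Println("service account  weak:", authorizeWeak(svcAccount, now), "strict:", authorizeStrict(svcAccount, now))
}
```

The point to take from the weak check is that a shared signing key turns every token type signed with it into a potential credential for every service that key protects; binding each token to a recipient (audience) and origin (issuer) is what separates "was signed by us" from "was issued for this API".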
GO-2021-0258 Incorrect authorization in github.com/pomerium/pomerium
Pomerium is an open source identity-aware access proxy. Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorizati...
GHSA-J6WP-3859-VXFG OIDC claims not updated from Identity Provider in Pomerium
Impact: Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorization decisions. Patches: v0.15.6. Workarounds: Clear...
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make...
CVE-2021-41230 OIDC claims not updated from Identity Provider in Pomerium
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make...
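The CVE-2021-41230 entries describe a staleness problem: a policy that keys on allowed_idp_claims is evaluated against the claims snapshot captured at login, so a change at the identity provider (for instance removing a user from a group) does not change the authorization decision for the life of the session. The Go program below is an added illustration of that failure mode and one generic mitigation; it is not Pomerium's code and does not describe the v0.15.6 patch. The identity provider, the user, the group names and the re-fetch interval are all constructed for the example, and the policy matcher treats an allowed_idp_claims block as satisfied when any listed value is present, which is a simplification.

```go
package main

import (
	"fmt"
	"time"
)

// idpClaims is the set of OIDC claims a policy may match on with allowed_idp_claims.
type idpClaims map[string][]string

// session caches the claims captured at login, plus when they were fetched.
type session struct {
	user      string
	claims    idpClaims
	fetchedAt time.Time
}

// identityProvider stands in for the IdP's userinfo endpoint. Constructed for this example.
type identityProvider struct{ current map[string]idpClaims }

func (p *identityProvider) userinfo(user string) idpClaims { return p.current[user] }

// policy mirrors a route's allowed_idp_claims block. This simplified matcher allows the
// request when any listed value for any listed claim is present in the user's claims.
type policy struct{ allowedIdpClaims map[string][]string }

func (pol policy) matches(c idpClaims) bool {
	for name, wanted := range pol.allowedIdpClaims {
		for _, w := range wanted {
			for _, have := range c[name] {
				if have == w {
					return true
				}
			}
		}
	}
	return false
}

// evaluateStale is the failure mode described above: the policy is evaluated against the
// claims snapshot taken at login, so a revocation at the IdP never takes effect for the
// session's lifetime.
func evaluateStale(pol policy, s *session) bool { return pol.matches(s.claims) }

// evaluateFresh re-fetches claims from the IdP when the cached copy is older than maxAge,
// so a change at the IdP becomes visible within maxAge. The bounded-age re-fetch is this
// example's mitigation, not a description of Pomerium's patch.
func evaluateFresh(pol policy, s *session, idp *identityProvider, now time.Time, maxAge time.Duration) bool {
	if now.Sub(s.fetchedAt) > maxAge {
		s.claims = idp.userinfo(s.user)
		s.fetchedAt = now
	}
	return pol.matches(s.claims)
}

// scenario: alice logs in as a member of "admins", is removed from the group at the IdP,
// and two hours later the same session is evaluated both ways. Returns (stale, fresh).
func scenario() (stale, fresh bool) {
	login := time.Unix(1_700_000_000, 0)
	idp := &identityProvider{current: map[string]idpClaims{"alice": {"groups": {"admins"}}}}
	s := &session{user: "alice", claims: idp.userinfo("alice"), fetchedAt: login}
	pol := policy{allowedIdpClaims: map[string][]string{"groups": {"admins"}}}

	// Group membership is revoked at the IdP after login; the session snapshot is untouched.
	idp.current["alice"] = idpClaims{"groups": {"developers"}}

	later := login.Add(2 * time.Hour)
	stale = evaluateStale(pol, s)
	fresh = evaluateFresh(pol, s, idp, later, 5*time.Minute)
	return stale, fresh
}

func main() {
	stale, fresh := scenario()
	fmt.Println("login-time claims grant access:", stale)
	fmt.Println("re-fetched claims grant access:", fresh)
}
```

The re-fetch interval is the knob that trades IdP load against how long a revoked claim keeps working; whatever the interval, the decision must be made from claims whose age is bounded, not from whatever was true at the moment the session was created.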