22 matches found
CVE-2026-13699 Databroker 0.6.1 PublishValue missing data_point panic
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
CVE-2026-13699
CVE-2026-13699 affects Eclipse KUKSA Databroker 0.6.1. The gRPC handler kuksa.val.v2.VAL/PublishValue fails to validate the optional data_point in PublishValueRequest; if signal_id is valid but data_point is omitted, the code dereferences request.data_point (unwrap) and panics in the Tokio worker...
CVE-2026-13699
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
EUVD-2026-43634
In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...
EUVD-2024-3127
Malicious code in bioql PyPI...
SUSE CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token JWT signed by a key known by all Pomerium servic...
GO-2024-3179 Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium
Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium...
CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token JWT signed by a key known by all Pomerium servic...
GHSA-R7RH-JWW5-5FJR Pomerium service account access token may grant unintended access to databroker API
Impact We've identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments. Who is affected? A Pomerium deployment is susceptible to this issue if all of the...
Pomerium service account access token may grant unintended access to databroker API
Impact We've identified a vulnerability in the Pomerium databroker service API that may grant unintended access under specific conditions. This affects only certain Pomerium Zero and Pomerium Enterprise deployments. Who is affected? A Pomerium deployment is susceptible to this issue if all of the...
CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token JWT signed by a key known by all Pomerium servic...
CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token JWT signed by a key known by all Pomerium servic...
CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token JWT signed by a key known by all Pomerium servic...
CVE-2024-47616
The CVE-2024-47616 issue affects Pomerium’s databroker service. Incomplete validation of JWTs could cause databroker API authorization to accept some service account tokens that are still valid, enabling exfiltration of user info, session spoofing, or tampering with Pomerium routes, policies, and...
PT-2024-32675 · Pomerium +1 · Pomerium +1
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.27.1 Description: Pomerium is an identity and context-aware access proxy. The Pomerium databroker service manages all persistent Pomerium application state. Requests to the databroker service API are authorized by...
GO-2021-0258 Incorrect authorization in github.com/pomerium/pomerium
Pomerium is an open source identity-aware access proxy. Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make incorrect authorizati...
GHSA-J6WP-3859-VXFG OIDC claims not updated from Identity Provider in Pomerium
Impact Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make incorrect authorization decisions. Patches v0.15.6 Workarounds - Clear...
OIDC claims not updated from Identity Provider in Pomerium
Impact Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make incorrect authorization decisions. Patches v0.15.6 Workarounds - Clear...
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make...
CVE-2021-41230
Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowedidpclaims as part of policy. If using allowedidpclaims and a user's claims are changed, Pomerium can make...