3 matches found
EUVD-2024-3127
Malicious code in bioql PyPI...
CVE-2024-47616
Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium servic...
OIDC claims not updated from Identity Provider in Pomerium
Impact: Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorization decisions. Patches: v0.15.6. Workarounds: - Clear...