4 matches found
CVE-2025-52901
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT), which is used as a session identifier, will get leaked to...
CVE-2025-52901 File Browser allows sensitive data to be transferred in URL
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT), which is used as a session identifier, will get leaked to...
GO-2022-0783 JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium
JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium...
JWT leak via Open Redirect in Programmatic access
Impact: Using programmatic access on protected sites, one can get a signed login URL with pomerium_redirect_uri set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomerium_redirect_uri with a JWT attached. This allows an outside attack...