2 matches found
Insertion Of Sensitive Information Into Sent Data
github.com/pomerium/pomerium is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to the inclusion of serialized OAuth2 access and ID tokens from the logged-in user's session in the user info page /.pomerium...
CVE-2024-39315 Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page at /.pomerium unintentionally included serialized OAuth2 access and ID tokens from the logged-in user's session. These tokens are not intended to be exposed to end users. This issue may be...