QID 982426
QID 982426: Go (go) Security Update for github.com/pomerium/pomerium/proxy (GHSA-35vc-w93w-75c2)
Security update has been released for github.com/pomerium/pomerium/proxy,github.com/pomerium/pomerium to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Using programmatic access on protected sites, one can get a signed login URL with pomerium_redirect_uri set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomerium_redirect_uri with a JWT attached. This allows an outside attacker to get a signed login URL that, upon visiting it, will redirect a victim to the attackers site. This creates an issue of Open Redirect and, more seriously, JWT leakage.
With a leaked JWT, the attacker will be able to unveil the victims identity (.e.g. email address) by supplying the JWT to the authenticate service or verify.pomerium.com. In addition, if an application integrating Pomerium only verifies the iss claim and others but not the aud claim, the attacker will be able to access it as the victim.
- GHSA-35vc-w93w-75c2 -
github.com/advisories/GHSA-35vc-w93w-75c2
CVEs related to QID 982426
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-35vc-w93w-75c2 | github.com/pomerium/pomerium |
github.com/advisories/GHSA-35vc-w93w-75c2 |
|
| GHSA-35vc-w93w-75c2 | github.com/pomerium/pomerium/proxy |
github.com/advisories/GHSA-35vc-w93w-75c2 |