Known Vulnerabilities for products from Pomerium
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Pomerium".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24797 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.1 - CRITICAL | 2022-03-31 | 2023-07-06 |
| CVE-2021-41230 | Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initi... | 8.8 - HIGH | 2021-11-05 | 2021-11-10 |
| CVE-2021-39206 | Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related... | 8.6 - HIGH | 2021-09-09 | 2021-09-27 |
| CVE-2021-39204 | Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of H... | 7.5 - HIGH | 2021-09-09 | 2021-09-27 |
| CVE-2021-39162 | Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2... | 8.6 - HIGH | 2021-09-09 | 2021-09-27 |
| CVE-2021-29652 | Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | 6.1 - MEDIUM | 2021-04-02 | 2021-04-06 |
| CVE-2021-29651 | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | 6.1 - MEDIUM | 2021-04-02 | 2021-04-06 |