Skip to main content

Pomerium

9 CVEs product

Monthly

CVE-2024-39315 Go MEDIUM PATCH This Month

Pomerium is an identity and context-aware access proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pomerium
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33189 Go CRITICAL PATCH Act Now

Pomerium is an identity and context-aware access proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Pomerium
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-24797 Go CRITICAL PATCH Act Now

Pomerium is an identity-aware access proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Pomerium
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-41230 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass Pomerium
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-39206 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2021-39204 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-39162 Go HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-29652 Go MEDIUM PATCH This Month

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29651 Go MEDIUM PATCH This Month

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Pomerium is an identity and context-aware access proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Pomerium
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Pomerium is an identity and context-aware access proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Pomerium
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Pomerium is an identity-aware access proxy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Pomerium
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass Pomerium
NVD GitHub
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Envoy Pomerium
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
EPSS 2% CVSS 8.6
HIGH PATCH This Week

Pomerium is an open source identity-aware access proxy. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy Pomerium
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pomerium
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy