All 8 CVE vulnerabilities found in pomerium, with AI-generated Chinese analysis, references, and POCs.
Vendor: pomerium

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-47616 | Pomerium's service account access token may grant unintended access to databroker API | CWE-863 | 6.8 | Medium | 2024-10-02 |
| CVE-2024-39315 | Pomerium exposed OAuth2 access and ID tokens in user info endpoint response | CWE-201 | 5.7 | Medium | 2024-07-02 |
| CVE-2023-33189 | Incorrect Authorization with specially crafted requests | CWE-285 | 10.0 | Critical | 2023-05-30 |
| CVE-2022-24797 | Exposure of Sensitive Information in Pomerium | CWE-200 | 6.5 | Medium | 2022-03-31 |
| CVE-2021-41230 | OIDC claims not updated from Identity Provider in Pomerium | CWE-863 | 5.3 | Medium | 2021-11-05 |
| CVE-2021-39206 | Incorrect Authorization with specially crafted requests | CWE-863 | 8.6 | High | 2021-09-09 |
| CVE-2021-39204 | Excessive CPU usage in Pomerium | CWE-834 | 7.5 | High | 2021-09-09 |
| CVE-2021-39162 | Incorrect handling of H2 GOAWAY + SETTINGS frames | CWE-754 | 8.6 | High | 2021-09-09 |