Open Redirect Affecting github.com/pomerium/pomerium/authenticate package, versions >=0.10.0 <0.13.4
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.08% (33rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMPOMERIUMPOMERIUMAUTHENTICATE-1090590
- published 4 Apr 2021
- disclosed 4 Apr 2021
- credit cure53
Introduced: 4 Apr 2021
CVE-2021-29652 Open this link in a new tabHow to fix?
Upgrade github.com/pomerium/pomerium/authenticate
to version 0.13.4 or higher.
Overview
github.com/pomerium/pomerium/authenticate is a Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).
Affected versions of this package are vulnerable to Open Redirect via unverified API endpoints that may allow modifying parameters. This vulnerability mainly applies to the user sign in/out process.