CVE-2024-39315 | Pomerium up to 0.26.0 OAuth2 Access Token /.pomerium insertion of sensitive information into sent data (GHSA-rrqr-7w59-637v)

Posted by Angelo Barbosa | Jul 2, 2024 | CVE

A vulnerability was found in Pomerium up to 0.26.0. It has been rated as problematic. This issue affects some unknown processing of the file /.pomerium of the component OAuth2 Access Token Handler. The manipulation leads to insertion of sensitive information into sent data.

The identification of this vulnerability is CVE-2024-39315. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39315 | Pomerium up to 0.26.0 OAuth2 Access Token /.pomerium insertion of sensitive information into sent data (GHSA-rrqr-7w59-637v)

Related Posts

CVE-2024-47044 | Nippon Telegraph and Telephone East Hikari Denwa router RT-400MI Device Setting Page clickjacking

CVE-2024-20486 | Cisco Identity Services Engine Software up to 3.3.0 Web-based Management Interface cross-site request forgery (cisco-sa-ise-csrf-y4ZUz5Rj)

CVE-2023-49347 | budgie-wpreviews 2.1 temp file

CVE-2023-41610 | Victure PC420 1.1.39 missing encryption