CVE-2024-39315 | Pomerium up to 0.26.0 OAuth2 Access Token /.pomerium insertion of sensitive information into sent data (GHSA-rrqr-7w59-637v)

Posted by Angelo Barbosa | Jul 2, 2024 | CVE

A vulnerability was found in Pomerium up to 0.26.0. It has been rated as problematic. This issue affects some unknown processing of the file /.pomerium of the component OAuth2 Access Token Handler. The manipulation leads to insertion of sensitive information into sent data.

The identification of this vulnerability is CVE-2024-39315. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39315 | Pomerium up to 0.26.0 OAuth2 Access Token /.pomerium insertion of sensitive information into sent data (GHSA-rrqr-7w59-637v)

Related Posts

CVE-2024-20024 | MediaTek MT8678 Flashc out-of-bounds write (ALPS08541635)

CVE-2024-38883 | Horizon Business Services Caterease up to 24.0.1.2405 TDS7 PreLogin Authentication downgrade

CVE-2023-49446 | JFinalCMS 5.0.0 /admin/nav/save cross-site request forgery

CVE-2023-46803 | Ivanti Avalanche 6.4.1 Mobile Device Server denial of service