Source |
CVE List |
Identifier |
3617859 |
Publication date |
2021-11-05 23:15:08 (viewed: 2021-11-06 01:05:57) |
Title |
CVE-2021-41230 |
Text |
Pomerium is an open source identity-aware access proxy. In affected versions, changes to a user's OIDC claims after initial login are not reflected in policy evaluation when `allowed_idp_claims` is used as part of a policy. If `allowed_idp_claims` is in use and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. Users unable to upgrade should clear the data on the `databroker` service, either by clearing Redis or by restarting the in-memory databroker, to force claims to be updated. |
Sent |
Yes |