PT-2021-18383 · Pomerium · Pomerium

Travisgroth · Published 2021-04-02 · Updated 2024-08-21 · CVE-2021-29651

CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pomerium versions prior to 0.13.4

Description: The issue allows an outside attacker to obtain a signed login URL that, when visited, redirects the victim to the attacker's site, creating an Open Redirect and potentially leaking the victim's JWT. With a leaked JWT, the attacker can learn the victim's identity, such as their email address, by presenting the JWT to the authenticate service. Additionally, if an application integrating Pomerium verifies only the iss claim and not the aud claim, the attacker can access that application as the victim.

Recommendations: For versions prior to 0.13.4, update to Pomerium 0.13.4 or later to resolve the issue. As a temporary workaround, consider restricting programmatic access to protected sites to minimize the risk of exploitation, and avoid using the pomerium_redirect_uri parameter of the affected API endpoint until the issue is resolved.
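The aud check the description calls for, as an added example that is not part of the advisory or of Pomerium's own code: an integrating application should verify the assertion's signature first, then both iss and aud, so a validly signed token minted for a different route is rejected. To stay self-contained it uses HS256 with a constructed shared key; Pomerium's real assertion is verified against the key it publishes, and the issuer and route names are constructed as well.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    # Re-add the padding that JWT base64url encoding strips.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _hs256(key: bytes, signing_input: str) -> str:
    return _b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())


def mint_token(key: bytes, iss: str, aud, email: str) -> str:
    """Build an HS256 JWT; exists only to construct sample tokens for the check below."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": iss, "aud": aud, "email": email}).encode())
    return f"{header}.{payload}.{_hs256(key, f'{header}.{payload}')}"


def verify_assertion(token: str, key: bytes, want_iss: str, want_aud: str) -> dict:
    """Verify signature, then iss AND aud, before trusting any claim.

    The algorithm is fixed here rather than read from the token header. Checking
    iss alone is the gap the advisory describes: a validly signed token issued
    for another route would still be accepted as the victim.
    """
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if not hmac.compare_digest(sig, _hs256(key, f"{header}.{payload}")):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("iss") != want_iss:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if want_aud not in audiences:
        raise ValueError(f"token not issued for {want_aud}")
    return claims
```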

Fix

Weakness Enumeration

Information Disclosure
Open Redirect

Related Identifiers

CVE-2021-29651
GHSA-35VC-W93W-75C2
GO-2022-0783

Affected Products

Pomerium