Affected by GO-2022-0783 and 4 other vulnerabilities

GO-2022-0783: JWT leak via Open Redirect in Programmatic access in github.com/pomerium/pomerium

GO-2022-0933: Incorrect handling of H2 GOAWAY + SETTINGS frames in github.com/pomerium/pomerium

GO-2023-1800: Pomerium vulnerable to Incorrect Authorization with specially crafted requests in github.com/pomerium/pomerium

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

pomerium

module

v0.7.1 Latest Latest Go to latest Published: Apr 7, 2020 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

README ¶

Docker Pulls

Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you'd typically reach for a VPN.

Pomerium can be used to:

provide a single-sign-on gateway to internal applications.
enforce dynamic access policy based on context, identity, and device state.
aggregate access logs and telemetry data.
a VPN alternative.

Docs

For comprehensive docs, and tutorials see our documentation.

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
authenticate Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).	Package authenticate is a pomerium service that handles user authentication and refersh (AuthN).
authorize Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).	Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).
evaluator Package evaluator defines a Evaluator interfaces that can be implemented by a policy evaluator framework.	Package evaluator defines a Evaluator interfaces that can be implemented by a policy evaluator framework.
evaluator/mock_evaluator Package mock_evaluator is a generated GoMock package.	Package mock_evaluator is a generated GoMock package.
evaluator/opa Package opa implements the policy evaluator interface to make authorization decisions.	Package opa implements the policy evaluator interface to make authorization decisions.
evaluator/opa/policy
cache Package cache is a pomerium service that handles the storage of user session state.	Package cache is a pomerium service that handles the storage of user session state.
cmd
pomerium
pomerium-cli
config Package config is a configuration abstraction that facilitates enabling Pomerium settings forvarious encoding types (JSON/YAML/ENVARS) and methods.	Package config is a configuration abstraction that facilitates enabling Pomerium settings forvarious encoding types (JSON/YAML/ENVARS) and methods.
integration
backends/httpdetails Module
backends/ws-echo Module
internal
cryptutil Package cryptutil provides cryptographic utility functions, complementing the lower level abstractions found in the standard library.	Package cryptutil provides cryptographic utility functions, complementing the lower level abstractions found in the standard library.
encoding Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations.	Package encoding defines interfaces shared by other packages that convert data to and from byte-level and textual representations.
encoding/ecjson Package ecjson represents encrypted and compressed content using JSON-based	Package ecjson represents encrypted and compressed content using JSON-based
encoding/jws Package jws represents content secured with digitalsignatures using JSON-based data structures as specified by rfc7515	Package jws represents content secured with digitalsignatures using JSON-based data structures as specified by rfc7515
encoding/mock Package mock implements a mock implementation of MarshalUnmarshaler.	Package mock implements a mock implementation of MarshalUnmarshaler.
fileutil Package fileutil provides file utility functions, complementing the lower level abstractions found in the standard library.	Package fileutil provides file utility functions, complementing the lower level abstractions found in the standard library.
frontend Package frontend handles the generation, and instantiation of Pomerium's html templates.	Package frontend handles the generation, and instantiation of Pomerium's html templates.
frontend/statik
grpc Package grpc provides gRPC utility functions, complementing the more common ones in the github.com/grpc/grpc-go package	Package grpc provides gRPC utility functions, complementing the more common ones in the github.com/grpc/grpc-go package
grpc/authorize
grpc/authorize/client Package client implements a gRPC client for the authorization service.	Package client implements a gRPC client for the authorization service.
grpc/cache
grpc/cache/client Package client implements a gRPC client for the cache service.	Package client implements a gRPC client for the cache service.
grpcutil Package grpcutil contains utility functions for working with gRPC.	Package grpcutil contains utility functions for working with gRPC.
httputil Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package	Package httputil provides HTTP utility functions, complementing the more common ones in the net/http package
identity Package identity provides support for making OpenID Connect (OIDC) and OAuth2 authenticated HTTP requests with third party identity providers.	Package identity provides support for making OpenID Connect (OIDC) and OAuth2 authenticated HTTP requests with third party identity providers.
kv Package kv defines a Store interfaces that can be implemented by datastores to provide key value storage capabilities.	Package kv defines a Store interfaces that can be implemented by datastores to provide key value storage capabilities.
kv/autocache Package autocache implements a key value store (kv.Store) using autocache which combines functionality from groupcache, and memberlist libraries.	Package autocache implements a key value store (kv.Store) using autocache which combines functionality from groupcache, and memberlist libraries.
kv/bolt Package bolt implements a key value store (kv.Store) using bbolt.	Package bolt implements a key value store (kv.Store) using bbolt.
kv/redis Package redis implements a key value store (kv.Store) using redis.	Package redis implements a key value store (kv.Store) using redis.
log Package log provides a global logger for zerolog.	Package log provides a global logger for zerolog.
middleware Package middleware provides a standard set of middleware for pomerium.	Package middleware provides a standard set of middleware for pomerium.
middleware/responsewriter Package responsewriter contains helper functions that useful for hooking into various parts of a response.	Package responsewriter contains helper functions that useful for hooking into various parts of a response.
sessions Package sessions handles the storage, management, and validation of pomerium user sessions.	Package sessions handles the storage, management, and validation of pomerium user sessions.
sessions/cache Package cache provides a remote cache based implementation of session store and loader.	Package cache provides a remote cache based implementation of session store and loader.
sessions/cookie Package cookie provides a cookie based implementation of session store and loader.	Package cookie provides a cookie based implementation of session store and loader.
sessions/header Package header provides a request header based implementation of a session loader.	Package header provides a request header based implementation of a session loader.
sessions/mock Package mock provides a mock implementation of session store and loader.	Package mock provides a mock implementation of session store and loader.
sessions/queryparam Package queryparam provides a query param based implementation of a both as session store and loader.	Package queryparam provides a query param based implementation of a both as session store and loader.
telemetry/metrics Package metrics contains support for OpenCensus distributed metrics.	Package metrics contains support for OpenCensus distributed metrics.
telemetry/trace Package trace contains support for OpenCensus distributed tracing.	Package trace contains support for OpenCensus distributed tracing.
tripper Package tripper provides utility functions for working with the http.RoundTripper interface.	Package tripper provides utility functions for working with the http.RoundTripper interface.
urlutil Package urlutil provides utility functions for working with go urls.	Package urlutil provides utility functions for working with go urls.
version Package version enables setting build-time version using ldflags.	Package version enables setting build-time version using ldflags.
proxy Package proxy is a pomerium service that provides reverse proxying of internal routes.	Package proxy is a pomerium service that provides reverse proxying of internal routes.