
CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Conjur OSS Helm chart is a method to install Conjur OSS into a Kubernetes environment. In versions of the chart before 2.0.0, a recently identified critical vulnerability resulted in the Conjur Postgres database being installed with an open port. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read and write access to the database, including escalating their privileges to assume full control. This enables the attacker to write a policy that allows full access to retrieve any secret.

• https://github.com/cyberark/conjur-oss-helm-chart/commit/2dab801ed4ab591c626fc6674f306fcf0d004c1e
• https://github.com/cyberark/conjur-oss-helm-chart/security/advisories/GHSA-mg2m-623j-wpxw
• CWE-284: Improper Access Control