CVE-2020-4062

Improper Access Control in Conjur OSS Helm Chart

Severity Score

9.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).

En Conjur OSS Helm Chart versiones anteriores a 2.0.0, una vulnerabilidad crítica recientemente identificada resultó en la instalación de la base de datos de Conjur Postgres con un puerto abierto. Esto permite a un atacante conseguir acceso completo de lectura y escritura a la base de datos de Conjur Postgres, incluyendo el aumento de los privilegios del atacante para asumir el control total. Un actor malicioso que conoce la dirección IP y el número de puerto de la base de datos de Postgres y tiene acceso al clúster de Kubernetes donde se ejecuta Conjur puede conseguir acceso completo de lectura y escritura a la base de datos de Postgres. Esto permite al atacante escribir una política que permita el acceso total para recuperar cualquier secreto. Este Helm chart es un método para instalar Conjur OSS en un entorno Kubernetes. Por lo tanto, los sistemas afectados son solo sistemas Conjur OSS que se implementaron usando este gráfico. Otras implementaciones, incluidas Docker y CyberArk Dynamic Access Provider (DAP), no están afectadas. Para remediar esta vulnerabilidad, clone el último Helm Chart y siga las instrucciones de actualización. Si no es capaz de remediar completamente esta vulnerabilidad de inmediato, puede mitigar algunos de los riesgos asegurándose de que Conjur OSS se implemente en un clúster o espacio de nombres Kubernetes aislado. El término "isolated" se refiere a: - No se están ejecutando otras cargas de trabajo además de Conjur OSS y su base de datos de backend en ese clúster y espacio de nombres de Kubernetes. - El acceso de Kubernetes y helm al clúster y espacio de nombres está limitado a los administradores de seguridad por medio del Control de Acceso basado en Roles (RBAC)

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-30 CVE Reserved
2020-06-22 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control

CAPEC

References (2)

URL	Tag	Source
https://github.com/cyberark/conjur-oss-helm-chart/security/advisories/GHSA-mg2m-623j-wpxw	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/cyberark/conjur-oss-helm-chart/commit/2dab801ed4ab591c626fc6674f306fcf0d004c1e	2022-09-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cyberark Search vendor "Cyberark"		Conjur Oss Helm Chart Search vendor "Cyberark" for product "Conjur Oss Helm Chart"				< 2.0.0 Search vendor "Cyberark" for product "Conjur Oss Helm Chart" and version " < 2.0.0"		-		Affected