critical
9
CWE
284
Advisory Published
Updated

CVE-2020-4062: Improper Access Control in Conjur OSS Helm Chart

First published: Mon Jun 22 2020(Updated: )

In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
CyberArk Conjur OSS Helm Chart<2.0.0

Remedy

https://github.com/cyberark/conjur-oss-helm-chart/commit/2dab801ed4ab591c626fc6674f306fcf0d004c1e

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-4062?

    CVE-2020-4062 is a critical vulnerability in Conjur OSS Helm Chart before version 2.0.0.

  • How does CVE-2020-4062 impact Conjur OSS Helm Chart?

    CVE-2020-4062 allows an attacker to gain full read and write access to the Conjur Postgres database, including escalating their privileges.

  • What is the severity of CVE-2020-4062?

    CVE-2020-4062 has a severity rating of critical.

  • How can I fix CVE-2020-4062?

    To fix CVE-2020-4062, update Conjur OSS Helm Chart to version 2.0.0 or higher.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203