PT-2020-17857
Tags: Cncf, Kubernetes

Ismarc · Published 2020-06-22 · Updated 2022-09-20

CVE-2020-4062
CVSS v3.1: 9.0 Critical
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Conjur OSS Helm Chart versions prior to 2.0.0

Description: A critical issue in the Conjur OSS Helm Chart results in the installation of the Conjur Postgres database with an open port, allowing an attacker to gain full read and write access to the database. This enables the attacker to escalate privileges, assume full control, and write policies for full access to retrieve any secret. The systems impacted are only Conjur OSS systems deployed using this chart. A malicious actor with the IP address and port number of the Postgres database and access to the Kubernetes cluster can exploit this issue.

Recommendations: To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If immediate remediation is not possible, mitigate some of the risk by deploying Conjur OSS on an isolated Kubernetes cluster or namespace where no other workloads are running and access is limited to security administrators via Role-Based Access Control (RBAC).

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2020-4062
GHSA-MG2M-623J-WPXW

Affected Products

Conjur OSS
Conjur OSS Helm Chart
Kubernetes
Postgres