Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XCyberark Conjur
APPCyberark13.6< 1.22.1< 13.5.1
Powiązane podatności
CyberArk Conjur — bypass uwierzytelniania IAM przez błędne wyrażenie regularne
CyberArk Conjur – pominięcie uwierzytelnienia przez przekierowanie ruchu (Auth Bypass)
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 thr...
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who ...
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Pass...