CyberArk Conjur OSS and Secrets Manager Self-Hosted IAM Authenticator Bypass Vulnerability

Vulnerability

A vulnerability exists in CyberArk Conjur OSS versions from 1.19.5 prior to 1.22.0 and in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) versions 13.1 through 13.5 and 13.6. The IAM Authenticator (authn-iam) verifies an AWS caller by forwarding the client's SigV4-signed STS GetCallerIdentity request to AWS STS and trusting the identity that STS returns. An attacker who can manipulate those AWS-signed headers may exploit a flawed regular expression in the authenticator to redirect the validation request to a malicious server, which can then answer with whatever identity the attacker chooses. This bypasses the IAM Authenticator in both Conjur OSS and Secrets Manager, Self-Hosted, and lets the attacker act with the Conjur permissions granted to the impersonated client identity.
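To make the failure mode concrete, the following Python example is added here; it is not Conjur's code. The permissive regex, the STS URL template and the crafted credential scope are assumptions that model the class of bug (a client-controlled field selecting the validation host), not the exact pattern or payload behind this CVE. It shows how a loose match on the SigV4 credential scope lets the caller pick the host that receives the GetCallerIdentity validation request, and how strict validation of the extracted region, plus a check on the derived host, closes it.

```python
import re
from urllib.parse import urlparse

# Constructed sample SigV4 Authorization headers (not captured from any real system).
# Credential scope layout: <access-key-id>/<yyyymmdd>/<region>/<service>/aws4_request
LEGIT_AUTH = (
    "AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20250715/us-east-1/sts/aws4_request, "
    "SignedHeaders=host;x-amz-date, Signature=0000"
)
# Hypothetical payload: the region field carries an attacker host plus a URL
# fragment delimiter so that everything appended after it is ignored by the client.
CRAFTED_AUTH = (
    "AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20250715/us-east-1.attacker.example#/sts/aws4_request, "
    "SignedHeaders=host;x-amz-date, Signature=0000"
)

# Assumed permissive pattern: accepts any run of non-slash characters as the region.
LOOSE_REGION_RE = re.compile(r"Credential=[^/]+/\d{8}/([^/]+)/sts/aws4_request")

# Hardened pattern: AWS region names are lowercase labels joined by hyphens and end
# in a number (us-east-1, eu-central-2, us-gov-west-1, ap-southeast-3). No dots,
# no delimiters, nothing that can alter a host name.
STRICT_REGION_RE = re.compile(r"^[a-z]+(?:-[a-z]+)+-\d+$")


def extract_region_loose(auth_header):
    """Vulnerable extraction: returns whatever sits in the region slot."""
    m = LOOSE_REGION_RE.search(auth_header)
    return m.group(1) if m else None


def extract_region_strict(auth_header):
    """Hardened extraction: rejects anything that is not shaped like a region."""
    region = extract_region_loose(auth_header)
    if region is None or not STRICT_REGION_RE.fullmatch(region):
        raise ValueError("invalid region in credential scope")
    return region


def sts_validation_url(region):
    """Assumed URL template: the validation request goes to the regional STS endpoint."""
    return f"https://sts.{region}.amazonaws.com/?Action=GetCallerIdentity&Version=2011-06-15"


def validation_host(auth_header, extractor):
    """Host that the HTTP client would actually connect to for the validation call."""
    return urlparse(sts_validation_url(extractor(auth_header))).hostname


def is_aws_sts_host(host):
    """Defence in depth: the derived host must be an AWS STS endpoint, whatever the regex did."""
    return host == "sts.amazonaws.com" or (host.startswith("sts.") and host.endswith(".amazonaws.com"))


if __name__ == "__main__":
    for label, hdr in (("legit", LEGIT_AUTH), ("crafted", CRAFTED_AUTH)):
        host = validation_host(hdr, extract_region_loose)
        print(f"{label:8s} loose  -> {host}  aws_sts={is_aws_sts_host(host)}")
        try:
            print(f"{label:8s} strict -> {validation_host(hdr, extract_region_strict)}")
        except ValueError as exc:
            print(f"{label:8s} strict -> rejected ({exc})")
```

With the loose pattern the crafted header yields the URL `https://sts.us-east-1.attacker.example#.amazonaws.com/...`; the `#` turns the trailing `.amazonaws.com` into a fragment, so the request is sent to `sts.us-east-1.attacker.example`, a host the attacker controls. The strict pattern rejects the header before any URL is built, and `is_aws_sts_host` catches the case where an extractor is later loosened again. The more robust fix is to not derive the endpoint from client input at all and instead map the region onto a fixed allowlist of STS endpoints.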

Impact

Exploitation of this vulnerability could give an attacker unauthorized access within the affected Conjur environment: without holding valid AWS credentials for the target identity, the attacker can authenticate as that identity and act with the rights Conjur grants to it.

Remediation

Upgrade to CyberArk Conjur OSS version 1.22.1, or to Secrets Manager, Self-Hosted version 13.5.1 or 13.6.1, to address this vulnerability. After upgrading, review which hosts and roles are enrolled through the IAM Authenticator, since any of them could have been impersonated while the flaw was exposed.

Added: Jul 15, 2025, 10:58 PM
Updated: Jul 15, 2025, 10:58 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.