Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution
Vulnerability Description
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.21.2 and Secrets Manager, Self-Hosted version 13.5 fix the issue.
CVSS Information
N/A
Vulnerability Type
CWE-1336
Vulnerability Title
CyberArk Conjur 安全漏洞
Vulnerability Description
CyberArk Conjur是CyberArk开源的一个密钥管理软件。 CyberArk Conjur存在安全漏洞,该漏洞源于远程代码执行漏洞,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A