CVE-2025-49829

Medium CVSS: 6.0

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Vendor

Cyberark

Product

Conjur

CWE

CWE-862

Yayın Tarihi

2025-07-15 20:15:40

Güncelleme

2025-11-04 22:16:19

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Conjur MEDIUM Cyberark 2025

Referanslar

https://github.com/cyberark/conjur/releases/tag/v1.22.1 https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r http://www.openwall.com/lists/oss-security/2025/07/16/7 http://www.openwall.com/lists/oss-security/2025/08/08/1

Benzer Kayıtlar

High

CVE-2026-2914

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation le…

High

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through po…

Critical

CVE-2025-49831

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misco…

High

CVE-2025-49830

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to…

Critical

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.…

High

CVE-2025-49828

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.…