We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-49829

Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations



Description

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Reserved 2025-06-11 | Published 2025-07-15 | Updated 2025-07-15 | Assigner GitHub_M


MEDIUM: 6.0CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-862: Missing Authorization

Product status

Conjur OSS < 1.22.1
affected

Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) < 13.5.1
affected

Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) = 13.6
affected

References

github.com/...conjur/security/advisories/GHSA-9w76-m74g-4c2r

github.com/cyberark/conjur/releases/tag/v1.22.1

cve.org (CVE-2025-49829)

nvd.nist.gov (CVE-2025-49829)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-49829

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.