CVE-2025-49829 Information
Jul 16, 2025
cve
Description
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
Reference
https://github.com/cyberark/conjur/releases/tag/v1.22.1 https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r
Related CNNVD
CNNVD-202507-2071 (Published: 2025-07-15)
Share on: