Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49829

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Published

2025-07-15T20:15:40.093

Last Modified

2025-07-16T14:59:23.707

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

References

https://github.com/cyberark/conjur/releases/tag/v1.22.1 ([email protected])
https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r ([email protected])