CVE-2025-49829: CWE-862: Missing Authorization in cyberark conjur
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
CVE-2025-49829: CWE-862: Missing Authorization in cyberark conjur
Description
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-06-11T14:33:57.799Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6876b38da83201eaacd057b6
Added to database: 7/15/2025, 8:01:17 PM
Last updated: 7/15/2025, 8:01:17 PM
Views: 1
Related Threats
CVE-2025-53839: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dracoon security-advisories
MediumCVE-2025-53836: CWE-863: Incorrect Authorization in xwiki xwiki-rendering
CriticalCVE-2025-53032: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. in Oracle Corporation MySQL Server
MediumCVE-2025-53031: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. in Oracle Corporation Oracle Financial Services Analytical Applications Infrastructure
MediumCVE-2025-53030: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. in Oracle Corporation Oracle VM VirtualBox
MediumActions
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.