Security Advisory

CVE-2025-49829

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-15 19:47:59

Last updated 2025-11-04 21:11:26

Assigner GitHub_M

State PUBLISHED

Description

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

← Browse all CVEs View on cve.org ↗