CVE-2025-49829
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Affected Version / Range |
|---|---|---|
| cyberark | conjur | < 1.22.1 (1.22.1 excluded) |
| cyberark | conjur | < 13.5.1 (13.5.1 excluded) |
| cyberark | conjur | 13.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Conjur Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and bypass permission checks due to missing validations. It affects versions prior to 13.5.1 and 13.6.1 for Secrets Manager, Self-Hosted and prior to 1.22.1 for Conjur OSS. The issue is fixed in versions 13.5.1, 13.6.1, and 1.22.1 respectively.
How can this vulnerability impact me?
An attacker who is authenticated could inject unauthorized resources into the database and bypass permission checks, potentially leading to unauthorized access or manipulation of secrets and application identities managed by Conjur. This could compromise the security of infrastructure relying on Conjur for secrets management.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Conjur Secrets Manager, Self-Hosted to version 13.5.1 or 13.6.1, or Conjur OSS to version 1.22.1 or later, as these versions contain the fix for the issue.