Cyberark Conjur vulnerabilities
5 known vulnerabilities affecting cyberark/conjur.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-49828P2HIGHCVSS 8.8≥ 1.20.1, < 1.21.2≥ 13.1, < 13.5+2 more2025-07-15
CVE-2025-49828 [HIGH] CWE-1336 CVE-2025-49828: Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted
nvd
CVE-2025-49827P2CRITICALCVSS 9.8≥ 1.19.5, < 1.22.1≥ 13.1, < 13.5.1+3 more2025-07-15
CVE-2025-49827 [CRITICAL] CWE-807 CVE-2025-49827: Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An attacker who can manipulate the headers signed by AWS can take advantage of
nvd
CVE-2025-49831P2CRITICALCVSS 9.8fixed in 1.22.1fixed in 13.5.1+4 more2025-07-15
CVE-2025-49831 [CRITICAL] CWE-287 CVE-2025-49831: An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manag
nvd
CVE-2025-49830P3MEDIUMCVSS 6.5fixed in 1.22.1fixed in 13.5.1+4 more2025-07-15
CVE-2025-49830 [MEDIUM] CWE-22 CVE-2025-49830: Conjur provides secrets management and application identity for infrastructure. An authenticated att
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server
nvd
CVE-2025-49829P3MEDIUMCVSS 6.5fixed in 1.22.1fixed in 13.5.1+4 more2025-07-15
CVE-2025-49829 [MEDIUM] CWE-862 CVE-2025-49829: Conjur provides secrets management and application identity for infrastructure. Missing validations
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and C
nvd