PT-2025-29672 · Cyberark · Conjur Oss+1
Shahar Tal
+1
·
Publicado
2025-07-15
·
Atualizado
2025-08-08
·
CVE-2025-49830
CVSS v4.0
7.1
Alta
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Conjur Secrets Manager, Self-Hosted versions prior to 13.5.1 and 13.6.1
Conjur OSS versions prior to 1.22.1
Description
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy YAML parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used for reconnaissance to understand the folder structure of the Secrets Manager/Conjur server or to have the YAML parser include files on the server in the YAML that is processed when the policy loads.
Recommendations
Upgrade Conjur Secrets Manager, Self-Hosted to version 13.5.1 or 13.6.1.
Upgrade Conjur OSS to version 1.22.1.
Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Conjur Oss
Conjur Secrets Manager