CVE-2025-49830

MEDIUM

Conjur < 1.22.1 and Secrets Manager, Self-Hosted < 13.5.1 - Authenticated Path Traversal via Policy YAML Parser

Title source: llm

Description

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server or to have the yaml parser include files on the server in the yaml that is processed as the policy loads. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://github.com/cyberark/conjur/security/advisories/GHSA-7m6h-fqrm-m9c5

Release Notes x_refsource_misc

https://github.com/cyberark/conjur/releases/tag/v1.22.1

Mailing List

http://www.openwall.com/lists/oss-security/2025/07/16/7

Mailing List

http://www.openwall.com/lists/oss-security/2025/08/08/1

Scores

CVSS v3 6.5

EPSS 0.0051

EPSS Percentile 39.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (3)

cyberark/conjur 13.6

cyberark/conjur < 1.22.1

cyberark/conjur < 13.5.1

Published Jul 15, 2025

Tracked Since Feb 18, 2026