VYPR

Conjur OSS

by Conjur

CVEs (4)

  • CVE-2025-49827CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An…

  • CVE-2025-49828HigJul 15, 2025
    risk 0.50cvss 8.8epss 0.02

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker…

  • CVE-2025-49830MedJul 15, 2025
    risk 0.35cvss 6.5epss 0.01

    Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to…

  • CVE-2025-49829MedJul 15, 2025
    risk 0.35cvss 6.5epss 0.00

    Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager,…