CyberArk Conjur Secrets Manager Resource Injection and Permission Bypass Vulnerability

Vulnerability

A vulnerability in CyberArk Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) allows authenticated attackers to inject resources into the database and bypass permission checks. The issue arises from missing validations and affects Conjur OSS versions prior to 1.22.1, as well as Secrets Manager, Self-Hosted versions prior to 13.5.1 and 13.6.1.

Impact

Exploitation of this vulnerability could let an authenticated attacker inject unauthorized resources into the database and bypass permission checks, potentially allowing unauthorized access to or manipulation of secrets.

Remediation

Users can upgrade to Conjur OSS version 1.22.1 or Secrets Manager, Self-Hosted versions 13.5.1 or 13.6.1 to address this vulnerability.

Added: Jul 15, 2025, 10:55 PM
Updated: Jul 15, 2025, 10:55 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.