CVE-2025-49827

Source
https://cve.org/CVERecord?id=CVE-2025-49827
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49827.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-49827
Aliases
  • GHSA-gmc5-9mpc-xg75
Published
2025-07-15T19:26:06.451Z
Modified
2026-04-10T05:29:39.737893Z
Severity
  • 9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator
Details

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to a bypass of the IAM authenticator. An attacker who can manipulate the headers signed by AWS can take advantage of a malformed regular expression to redirect the authentication validation request that Secrets Manager, Self-Hosted sends to AWS to a malicious server controlled by the attacker. This redirection can result in a bypass of the Secrets Manager, Self-Hosted IAM Authenticator, granting the attacker the permissions of the client whose request was manipulated. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Database specific
{
    "cwe_ids": [
        "CWE-807"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49827.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/cyberark/conjur

Affected ranges

Type
GIT
Repo
https://github.com/cyberark/conjur
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.19.5"
        },
        {
            "fixed": "1.22.1"
        }
    ]
}

Affected versions

v1.*
v1.19.5
v1.19.5-3915
v1.19.6-3948
v1.19.6-3949
v1.19.6-3954
v1.19.6-3955
v1.19.6-3960
v1.19.6-3961
v1.19.6-3968
v1.19.6-3969
v1.19.6-3974
v1.19.6-3979
v1.19.6-3984
v1.19.6-3985
v1.19.6-3989
v1.19.6-3990
v1.19.6-3994
v1.19.6-3999
v1.19.6-4000
v1.19.6-4003
v1.19.6-4004
v1.19.6-4016
v1.19.6-4019
v1.19.6-4023
v1.19.6-4027
v1.19.6-4037
v1.19.6-4038
v1.19.6-4040
v1.19.6-4041
v1.19.6-4045
v1.19.6-4046
v1.19.6-4050
v1.19.6-4056
v1.19.6-4060
v1.19.6-4061
v1.19.6-4065
v1.19.6-4066
v1.20.0
v1.20.0-4069
v1.20.0-4071
v1.20.0-4072
v1.20.0-4076
v1.20.0-4077
v1.20.0-4083
v1.20.0-4088
v1.20.0-4095
v1.20.0-4104
v1.20.0-4105
v1.20.0-4107
v1.20.0-4115
v1.20.0-4125
v1.20.0-4126
v1.20.0-4127
v1.20.0-4131
v1.20.0-4132
v1.20.0-4153
v1.20.0-4157
v1.20.0-4161
v1.20.0-4164
v1.20.0-4177
v1.20.0-4180
v1.20.0-4183
v1.20.0-4187
v1.20.0-4191
v1.20.0-4198
v1.20.0-4212
v1.20.0-4214
v1.20.0-4218
v1.20.0-4219
v1.20.0-4222
v1.20.0-4223
v1.20.0-4224
v1.20.0-4229
v1.20.0-4230
v1.20.0-4231
v1.20.0-4238
v1.20.0-4249
v1.20.0-4250
v1.20.0-4255
v1.20.0-4256
v1.20.0-4262
v1.20.1-4353
v1.20.1-4362
v1.20.1-4368
v1.20.1-4372
v1.20.1-4377
v1.20.1-4378
v1.20.1-4383
v1.20.1-4385
v1.20.1-4395
v1.20.1-4400
v1.20.1-4404
v1.20.1-4405
v1.21.2
v1.21.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49827.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "13.1"
            },
            {
                "fixed": "13.5.1"
            }
        ]
    }
]