CVE-2025-49830

Source
https://cve.org/CVERecord?id=CVE-2025-49830
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49830.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-49830
Aliases
  • GHSA-7m6h-fqrm-m9c5
Published
2025-07-15T20:04:13.380Z
Modified
2026-04-10T05:29:39.721833Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosure
Details

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy YAML parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used for reconnaissance, to better understand the folder structure of the Secrets Manager/Conjur server, or to have the YAML parser include files on the server in the YAML that is processed as the policy loads. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49830.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/cyberark/conjur

Affected ranges

Type
GIT
Repo
https://github.com/cyberark/conjur
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.2.0
Other
delete
v0.*
v0.2.0
v0.3.0
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.9.0
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.16.0-2224
v1.16.0-2233
v1.16.0-2238
v1.16.0-2258
v1.16.0-2264
v1.16.0-2265
v1.16.0-2266
v1.16.0-2271
v1.16.0-2280
v1.16.0-2281
v1.16.0-2286
v1.17.0-2299
v1.17.1-2301
v1.17.1-2305
v1.17.1-2306
v1.17.1-2307
v1.17.1-2312
v1.17.1-2314
v1.17.2-2321
v1.17.2-2323
v1.17.2-2324
v1.17.2-2330
v1.17.2-2341
v1.17.2-2371
v1.17.2-2380
v1.17.2-2401
v1.17.2-2408
v1.17.2-2468
v1.17.2-2477
v1.17.3
v1.17.3-2478
v1.17.3-2484
v1.17.3-2498
v1.17.4-2500
v1.17.5-2503
v1.17.5-2515
v1.17.5-2521
v1.17.6
v1.17.6-2525
v1.17.6-2555
v1.17.6-2562
v1.17.6-2571
v1.17.6-2585
v1.17.7
v1.17.7-2648
v1.17.7-2653
v1.17.7-2670
v1.17.7-2695
v1.17.7-2705
v1.17.7-2710
v1.17.7-2766
v1.17.7-2782
v1.17.7-2785
v1.17.8-2829
v1.18.0
v1.18.0-2834
v1.18.0-2837
v1.18.0-2845
v1.18.0-2856
v1.18.0-2864
v1.18.0-2871
v1.18.0-2891
v1.18.0-2893
v1.18.0-2902
v1.18.1
v1.18.1-2924
v1.18.1-2928
v1.18.1-2953
v1.18.1-2957
v1.18.1-2961
v1.18.1-2963
v1.18.1-2969
v1.18.2
v1.18.2-3025
v1.18.2-3030
v1.18.3
v1.18.3-3057
v1.18.4
v1.18.4-3067
v1.18.5-3122
v1.18.5-3123
v1.18.5-3165
v1.18.5-3170
v1.18.5-3183
v1.18.5-3187
v1.19.0
v1.19.0-3227
v1.19.0-3228
v1.19.0-3239
v1.19.0-3243
v1.19.0-3276
v1.19.0-3290
v1.19.0-3292
v1.19.0-3294
v1.19.1
v1.19.1-3316
v1.19.1-3320
v1.19.1-3325
v1.19.1-3334
v1.19.1-3355
v1.19.1-3387
v1.19.1-3394
v1.19.1-3398
v1.19.2
v1.19.2-3426
v1.19.2-3431
v1.19.3
v1.19.3-3458
v1.19.3-3474
v1.19.3-3475
v1.19.3-3483
v1.19.3-3494
v1.19.3-3517
v1.19.3-3518
v1.19.3-3528
v1.19.3-3529
v1.19.3-3568
v1.19.3-3584
v1.19.3-3597
v1.19.3-3602
v1.19.3-3603
v1.19.3-3606
v1.19.3-3614
v1.19.3-3615
v1.19.3-3619
v1.19.3-3622
v1.19.3-3632
v1.19.3-3638
v1.19.3-3645
v1.19.3-3646
v1.19.3-3648
v1.19.3-3651
v1.19.3-3676
v1.19.3-3685
v1.19.3-3690
v1.19.4-3759
v1.19.4-3763
v1.19.5
v1.19.5-3765
v1.19.5-3796
v1.19.5-3797
v1.19.5-3798
v1.19.5-3859
v1.19.5-3864
v1.19.5-3900
v1.19.5-3903
v1.19.5-3905
v1.19.5-3906
v1.19.5-3911
v1.19.5-3915
v1.19.6-3948
v1.19.6-3949
v1.19.6-3954
v1.19.6-3955
v1.19.6-3960
v1.19.6-3961
v1.19.6-3968
v1.19.6-3969
v1.19.6-3974
v1.19.6-3979
v1.19.6-3984
v1.19.6-3985
v1.19.6-3989
v1.19.6-3990
v1.19.6-3994
v1.19.6-3999
v1.19.6-4000
v1.19.6-4003
v1.19.6-4004
v1.19.6-4016
v1.19.6-4019
v1.19.6-4023
v1.19.6-4027
v1.19.6-4037
v1.19.6-4038
v1.19.6-4040
v1.19.6-4041
v1.19.6-4045
v1.19.6-4046
v1.19.6-4050
v1.19.6-4056
v1.19.6-4060
v1.19.6-4061
v1.19.6-4065
v1.19.6-4066
v1.2.0
v1.20.0
v1.20.0-4069
v1.20.0-4071
v1.20.0-4072
v1.20.0-4076
v1.20.0-4077
v1.20.0-4083
v1.20.0-4088
v1.20.0-4095
v1.20.0-4104
v1.20.0-4105
v1.20.0-4107
v1.20.0-4115
v1.20.0-4125
v1.20.0-4126
v1.20.0-4127
v1.20.0-4131
v1.20.0-4132
v1.20.0-4153
v1.20.0-4157
v1.20.0-4161
v1.20.0-4164
v1.20.0-4177
v1.20.0-4180
v1.20.0-4183
v1.20.0-4187
v1.20.0-4191
v1.20.0-4198
v1.20.0-4212
v1.20.0-4214
v1.20.0-4218
v1.20.0-4219
v1.20.0-4222
v1.20.0-4223
v1.20.0-4224
v1.20.0-4229
v1.20.0-4230
v1.20.0-4231
v1.20.0-4238
v1.20.0-4249
v1.20.0-4250
v1.20.0-4255
v1.20.0-4256
v1.20.0-4262
v1.20.1-4353
v1.20.1-4362
v1.20.1-4368
v1.20.1-4372
v1.20.1-4377
v1.20.1-4378
v1.20.1-4383
v1.20.1-4385
v1.20.1-4395
v1.20.1-4400
v1.20.1-4404
v1.20.1-4405
v1.21.2
v1.21.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.6
v1.4.7
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49830.json"