Key Vulnerability Information

Vulnerability title: Remote Code Execution in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS

Severity: High (8.6/10)

Affected versions
- Conjur OSS (CyberArk): 1.20.1 - 1.21.1
- Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise): 13.1 - 13.4.1

Patched versions
- Conjur OSS (CyberArk): 1.21.2
- Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise): 13.5

Description
An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process.

CVSS v4 Base Metrics

Exploitability Metrics
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: High
- User Interaction: None

Vulnerable System Impact Metrics
- Confidentiality: High
- Integrity: High
- Availability: High

Subsequent System Impact Metrics
- Confidentiality: None
- Integrity: None
- Availability: None

CVE ID: CVE-2025-49828

Weaknesses: CWE-1336