Key vulnerability information

Vulnerability title
IAM Authenticator Bypass via Mis-configured Network Device in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS

Vulnerability severity
Rating: Critical
CVSS v4 base score: 9.1 / 10

Affected versions
- Conjur OSS (CyberArk): < 1.22.1
- Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) (CyberArk): < 13.5.1; 13.6

Fixed versions
- Conjur OSS (CyberArk): 1.22.1
- Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) (CyberArk): 13.5.1; 13.6.1

Description
An attacker can use a misconfigured network device to redirect traffic from Secrets Manager to AWS to a malicious server under the attacker's control, and so bypass authentication requests. Although CyberArk believes that few installations are affected by this issue, both Secrets Manager, Self-Hosted and Conjur OSS may be affected.

CVSS v4 base metrics
Attack vector: Network
Attack complexity: Low
Attack requirements: Present
Privileges required: None
User interaction: None
Vulnerable system impact metrics:
- Confidentiality: High
- Integrity: High
- Availability: None
Subsequent system impact metrics:
- Confidentiality: None
- Integrity: None
- Availability: None

CVE ID
CVE-2025-49831

Weaknesses
No CWEs