CVE-2024-35255

2024-06-1117:16:03

CWE-362

[email protected]

web.nvd.nist.gov

azure identity libraries

microsoft authentication library

elevation of privilege

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.8%

JSON

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Affected configurations

Vulners

NVD

Node

microsoftazure_identity_sdk.net

microsoftauthentication_library

microsoftazure_identity_sdk

microsoftazure_identity_sdk_for_java

microsoftazure_identity_sdkjavascript

microsoftazure_identity_sdkc\+\+

microsoftazure_identity_sdk_for_python

CPENameOperatorVersion
microsoft:authentication_librarymicrosoft authentication librarylt1.15.1
microsoft:authentication_librarymicrosoft authentication libraryle2.9.2
microsoft:authentication_librarymicrosoft authentication librarylt4.61.3
microsoft:azure_identity_sdkmicrosoft azure identity sdklt1.6.0
microsoft:azure_identity_sdkmicrosoft azure identity sdklt1.8.0
microsoft:azure_identity_sdkmicrosoft azure identity sdklt1.11.4
microsoft:azure_identity_sdkmicrosoft azure identity sdklt1.12.2
microsoft:azure_identity_sdkmicrosoft azure identity sdklt1.16.1
microsoft:azure_identity_sdkmicrosoft azure identity sdklt4.2.1

CPE	Name	Operator	Version
microsoft:authentication_library	microsoft authentication library	lt	1.15.1
microsoft:authentication_library	microsoft authentication library	le	2.9.2
microsoft:authentication_library	microsoft authentication library	lt	4.61.3
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	1.6.0
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	1.8.0
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	1.11.4
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	1.12.2
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	1.16.1
microsoft:azure_identity_sdk	microsoft azure identity sdk	lt	4.2.1

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library for .NET",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_.net:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.11.4",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Authentication Library",
    "cpes": [
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_java:-:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_.net:-:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_node.js:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.15.1",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0.0",
        "lessThan": "4.61.3",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "1.0.0",
        "lessThan": "2.9.2",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_sdk_for_go:-:*:*:*:*:-:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.6.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library for Java",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_java:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.12.2",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library for JavaScript",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_javascript:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "4.2.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library for C++",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_c_plus_plus:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.8.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Azure Identity Library for Python",
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_python:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0.0",
        "lessThan": "1.16.1",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]