Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

2024-06-1118:30:50

CWE-362

GitHub Advisory Database

github.com

azure identity

microsoft authentication library

elevation of privilege

vulnerability

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

Affected configurations

Vulners

Node

microsoft.identity.clientRange<4.61.3

microsoft.identity.clientRange<4.60.4

com.microsoft.azure\Matchmsal4j

azuremsal-nodeRange<2.9.2

azure.identityRange<1.11.4

microsoftazure_identity_sdkRange<1.6.0go

com.azure\azureMatchidentity

azureidentityRange<4.2.1

azureidentityRange<1.16.1

CPENameOperatorVersion
microsoft.identity.clientlt4.61.3
microsoft.identity.clientlt4.60.4
com.microsoft.azure:msal4jlt1.15.1
@azure/msal-nodelt2.9.2
azure.identitylt1.11.4
github.com/azure/azure-sdk-for-go/sdk/azidentitylt1.6.0
com.azure:azure-identitylt1.12.2
@azure/identitylt4.2.1
azure-identitylt1.16.1

Name	Operator	Version
microsoft.identity.client	lt	4.61.3
microsoft.identity.client	lt	4.60.4
com.microsoft.azure:msal4j	lt	1.15.1
@azure/msal-node	lt	2.9.2
azure.identity	lt	1.11.4
github.com/azure/azure-sdk-for-go/sdk/azidentity	lt	1.6.0
com.azure:azure-identity	lt	1.12.2
@azure/identity	lt	4.2.1
azure-identity	lt	1.16.1