GitHub Advisory DatabaseGHSA-RVJ4-Q8Q5-8GRF

HistoryJun 20, 2024 - 4:20 p.m.

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

2024-06-2016:20:25

CWE-362

GitHub Advisory Database

github.com

azure

identity libraries

elevation

privilege

vulnerability

microsoft

authentication

traefik

advisory

software

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Impact

There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

References

CVE-2024-35255

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

Affected configurations

Vulners

Node

traefiktraefikRange≤2.11.4

traefiktraefikRange≤3.0.2

CPENameOperatorVersion
github.com/traefik/traefik/v2le2.11.4
github.com/traefik/traefik/v3le3.0.2

CPE	Name	Operator	Version
	github.com/traefik/traefik/v2	le	2.11.4
	github.com/traefik/traefik/v3	le	3.0.2

References

github.com/advisories/GHSA-rvj4-q8q5-8grf

github.com/traefik/traefik/releases/tag/v2.11.5

github.com/traefik/traefik/releases/tag/v3.0.3

github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf

nvd.nist.gov/vuln/detail/CVE-2024-35255

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for GHSA-RVJ4-Q8Q5-8GRF