Lucene search

GoogleOSV:GO-2024-2918

HistoryJul 01, 2024 - 9:50 p.m.

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

2024-07-0121:50:42

Google

osv.dev

azure

identity libraries

elevation of privilege

vulnerability

github

azure sdk

go sdk

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

JSON

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity

CPENameOperatorVersion
github.com/azure/azure-sdk-for-go/sdk/azidentitylt1.6.0

CPE	Name	Operator	Version
	github.com/azure/azure-sdk-for-go/sdk/azidentity	lt	1.6.0

References

github.com/advisories/GHSA-m5vv-6r4h-3vj9

github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499

github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

JSON

Related for OSV:GO-2024-2918