CVE-2024-35255 Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

2024-06-1116:59:47

CWE-362

microsoft

github.com

cve-2024-35255

azure identity

microsoft authentication library

elevation of privilege

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.8%

JSON

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_.net:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library for .NET",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.11.4",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_java:-:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_.net:-:*:*:*:*:*:*:*",
      "cpe:2.3:a:microsoft:microsoft_authentication_library_for_node.js:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Microsoft Authentication Library",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.15.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "4.61.3",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "2.9.2",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_sdk_for_go:-:*:*:*:*:-:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.6.0",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_java:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library for Java",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.12.2",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_javascript:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library for JavaScript",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "4.2.1",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_c_plus_plus:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library for C++",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.8.0",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:microsoft:azure_identity_library_for_python:-:*:*:*:*:*:*:*"
    ],
    "vendor": "Microsoft",
    "product": "Azure Identity Library for Python",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0",
        "lessThan": "1.16.1",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Unknown"
    ]
  }
]