CVE-2024-35255

Опубликовано: 11 июн. 2024

Источник: msrc

CVSS3: 5.5

EPSS Низкий

Описание

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions.

According to the CVSS metric, Integrity and Availability impact is None (I:N/A:N). What does that mean for this vulnerability?

An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files.

Which credential types provided by the Azure Identity client library are affected?

The vulnerability exists in the following credential types:

DefaultAzureCredential
ManagedIdentityCredential

Which credential types provided by the Microsoft Authentication Libraries are affected?

The vulnerability exists in the following credential types:

**What versions of Microsoft Authentication Libraries (MSAL) are affected by this vulnerability? **

Microsoft Authentication Library	Minimum Version Number Affected	Fixed Version Number
MSAL for .NET	4.49.1	4.61.3
MSAL for Java	1.14.4-beta	1.15.1
MSAL for Node	2.7.0	2.9.2

Обновления

Продукт	Статья	Обновление
Azure Identity Library for .NET	Release Notes	Security Update
Microsoft Authentication Library (MSAL) for .NET	Release Notes	Security Update
Microsoft Authentication Library (MSAL) for Node.js	Release Notes	Security Update
Microsoft Authentication Library (MSAL) for Java	Release Notes	Security Update
Azure Identity Library for Go	Release Notes	Security Update
Azure Identity Library for C++	Release Notes	Security Update
Azure Identity Library for Java	Release Notes	Security Update
Azure Identity Library for JavaScript	Release Notes	Security Update
Azure Identity Library for Python	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-35255

CVSS3: 5.5

redhat

больше 1 года назад

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVE-2024-35255

CVSS3: 5.5

nvd

больше 1 года назад

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

SUSE-SU-2025:0750-1

suse-cvrf

11 месяцев назад

Security update for python-azure-identity

SUSE-SU-2024:3345-1

suse-cvrf

больше 1 года назад

Security update for python-azure-identity

GHSA-m5vv-6r4h-3vj9

CVSS3: 5.5

github

больше 1 года назад

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

EPSS

Процентиль: 45%

0.00221

Низкий

5.5 Medium

CVSS3