CVE-2024-35255 — Race Condition in Microsoft Azure Identity Library

CWE-362 — Race Condition9 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Identity Library Microsoft Azure Identity Library FOR C Microsoft Azure Identity Library FOR Java +11 more

Timeline

PublishedJun 11

Latest updateJul 1

Description

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

▶CVEListV5microsoft/azure_identity_library1.0.0 — 1.6.0

▶CVEListV5microsoft/azure_identity_library_for_c1.0.0 — 1.8.0

▶CVEListV5microsoft/azure_identity_library_for_net1.0.0 — 1.11.4

▶CVEListV5microsoft/azure_identity_library_for_java1.0.0 — 1.12.2

▶CVEListV5microsoft/azure_identity_library_for_python1.0.0 — 1.16.1

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity↗2024-07-01

▶

OSV

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability↗2024-06-20

▶

GHSA

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability↗2024-06-20

▶

OSV

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability↗2024-06-11

▶

CVEList

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability↗2024-06-11

▶

📋Vendor Advisories

Red Hat

azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity↗2024-07-01

▶

Microsoft

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability↗2024-06-11

▶