cbcvebase.
CVE-2024-35255
published 2024-06-11

CVE-2024-35255: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

PriorityP426medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.79%
51.6th percentile
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
azureidentity>= 0 < 4.2.14.2.1
azuremsal-node>= 2.7.0 < 2.9.22.9.2
github.comazure_azure-sdk-for-go_sdk_azidentity>= 0 < 1.6.0-beta.4.0.20240610221955-50774cd970991.6.0-beta.4.0.20240610221955-50774cd97099
github.comazure_azure-sdk-for-go_sdk_azidentity>= 0 < 1.6.01.6.0
github.comtraefik_traefik_v2>= 0 < 2.11.52.11.5
github.comtraefik_traefik_v3>= 0 < 3.0.33.0.3
microsoftauthentication_library< 1.15.11.15.1
microsoftauthentication_library< 4.61.34.61.3
microsoftauthentication_library<= 2.9.2
microsoftazure_identity_library>= 1.0.0 < 1.6.01.6.0
microsoftazure_identity_library_for_c>= 1.0.0 < 1.8.01.8.0
microsoftazure_identity_library_for_java>= 1.0.0 < 1.12.21.12.2
microsoftazure_identity_library_for_javascript>= 1.0.0 < 4.2.14.2.1
microsoftazure_identity_library_for_net>= 1.0.0 < 1.11.41.11.4
microsoftazure_identity_library_for_python>= 1.0.0 < 1.16.11.16.1
microsoftazure_identity_sdk< 1.6.01.6.0
microsoftazure_identity_sdk< 1.8.01.8.0
microsoftazure_identity_sdk< 1.11.41.11.4
microsoftazure_identity_sdk< 1.12.21.12.2
microsoftazure_identity_sdk< 1.16.11.16.1
microsoftazure_identity_sdk< 4.2.14.2.1
microsoftmicrosoft_authentication_library>= 1.0.0 < 1.15.11.15.1
msrcazure_identity_library_for_c
msrcazure_identity_library_for_go
msrcazure_identity_library_for_java

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa5.5MEDIUM
osv5.5MEDIUM
vendor_msrc5.5MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.