Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-35255

Good to know:

icon
icon

Date: June 11, 2024

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Language: Go

Severity Score

Related Resources (10)

https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178
https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492
https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
https://nvd.nist.gov/vuln/detail/CVE-2024-35255
https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255
https://www.mend.io/vulnerability-database/CVE-2024-35255

Severity Score

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version azure-identity - 1.16.1;@azure/identity - 4.2.1;@azure/msal-node - 2.9.2;Microsoft.Identity.Client - 4.61.3;Microsoft.Identity.Client - 4.60.4;github.com/Azure/azure-sdk-for-go/sdk/azidentity - v1.6.0-beta.4.0.20240610221955-50774cd97099;Azure.Identity - 1.11.4;com.azure:azure-identity:1.12.2;com.microsoft.azure:msal4j:1.15.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us