CVE-2024-35255: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

First published: Tue Jun 11 2024(Updated: )

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Azure Identity Library for .NET		fix available externally
Microsoft Authentication Library (MSAL) for .NET		fix available externally
Microsoft Authentication Library (MSAL) for Python		fix available externally
Microsoft Azure Identity Library for C++		fix available externally
Microsoft Authentication Library (MSAL) for Node.js		fix available externally
Microsoft Azure Identity Library for JavaScript		fix available externally
Microsoft Authentication Library (MSAL) for Java		fix available externally
Microsoft Azure Identity Library for Go		fix available externally
Microsoft Azure Identity Library for Python		fix available externally
Microsoft Azure Identity Library for Java		fix available externally
nuget/Microsoft.Identity.Client	>=4.61.0<4.61.3	4.61.3
nuget/Microsoft.Identity.Client	>=4.49.1<4.60.4	4.60.4
maven/com.microsoft.azure:msal4j	>=1.14.4-beta<1.15.1	1.15.1
npm/@azure/msal-node	>=2.7.0<2.9.2	2.9.2
nuget/Azure.Identity	<1.11.4	1.11.4
go/github.com/Azure/azure-sdk-for-go/sdk/azidentity	<1.6.0	1.6.0
maven/com.azure:azure-identity	<1.12.2	1.12.2
npm/@azure/identity	<4.2.1	4.2.1
pip/azure-identity	<1.16.1	1.16.1
Microsoft Authentication Library Java	<1.15.1
Microsoft Authentication Library Node.js	<=2.9.2
Microsoft Authentication Library .net	<4.61.3
Microsoft Azure Identity Sdk Go	<1.6.0
Microsoft Azure Identity Sdk C\+\+	<1.8.0
Microsoft Azure Identity Sdk	<1.11.4
Microsoft Azure Identity Sdk	<1.12.2
Microsoft Azure Identity Sdk	<1.16.1
Microsoft Azure Identity Sdk	<4.2.1

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255

Never miss a vulnerability like this again

Reference Links

agent/title
agent/type
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/first-publish-date
agent/software-canonical-lookup-request
agent/weakness
agent/severity
agent/author
agent/description
collector/msrc
agent/references
agent/remedy
collector/nvd-api
source/NVD
agent/softwarecombine
collector/nvd-cve
agent/event
agent/tags
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
source/GitHub
alias/GHSA-m5vv-6r4h-3vj9
alias/CVE-2024-35255
agent/last-modified-date
collector/github-advisory
collector/redhat-bugzilla
source/Red Hat
vendor/microsoft
canonical/microsoft azure identity library for .net
canonical/microsoft authentication library (msal) for .net
canonical/microsoft authentication library (msal) for python
canonical/microsoft azure identity library for c++
canonical/microsoft authentication library (msal) for node.js
canonical/microsoft authentication library (msal) for java
canonical/microsoft azure identity library for go
canonical/microsoft azure identity library for javascript
canonical/microsoft azure identity library for python
canonical/microsoft azure identity library for java
canonical/microsoft authentication library java
canonical/microsoft authentication library node.js
version/microsoft authentication library node.js/2.9.2
canonical/microsoft authentication library .net
canonical/microsoft azure identity sdk go
canonical/microsoft azure identity sdk c\+\+
canonical/microsoft azure identity sdk
package-manager/nuget
package-manager/maven
package-manager/npm
package-manager/go
package-manager/pip

CVE-2024-35255: Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact