CVE-2024-35255
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Summary
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Azure Identity Library for .NET | 1.0.0 < 1.11.4 | affected |
| Microsoft | Microsoft Authentication Library | 1.0.0 < 1.15.1 | affected |
| Microsoft | Azure Identity Library | 1.0.0 < 1.6.0 | affected |
| Microsoft | Azure Identity Library for Java | 1.0.0 < 1.12.2 | affected |
| Microsoft | Azure Identity Library for JavaScript | 1.0.0 < 4.2.1 | affected |
| Microsoft | Azure Identity Library for C++ | 1.0.0 < 1.8.0 | affected |
| Microsoft | Azure Identity Library for Python | 1.0.0 < 1.16.1 | affected |
Weaknesses
- CWE-362: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.