Lucene search

GoogleOSV:GHSA-RVJ4-Q8Q5-8GRF

HistoryJun 20, 2024 - 4:20 p.m.

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

2024-06-2016:20:25

Google

osv.dev

acme dns

azure identity libraries

elevation of privilege

vulnerability

microsoft authentication library

traefik

security advisory

nist

cve-2024-35255

github

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Impact

There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

References

CVE-2024-35255

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

CPENameOperatorVersion
github.com/traefik/traefik/v3lt3.0.3
github.com/traefik/traefik/v2lt2.11.5

CPE	Name	Operator	Version
	github.com/traefik/traefik/v3	lt	3.0.3
	github.com/traefik/traefik/v2	lt	2.11.5

References

github.com/traefik/traefik

github.com/traefik/traefik/releases/tag/v2.11.5

github.com/traefik/traefik/releases/tag/v3.0.3

github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf

nvd.nist.gov/vuln/detail/CVE-2024-35255

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for OSV:GHSA-RVJ4-Q8Q5-8GRF