CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
A flaw was found in the Azure identity library at github.com/Azure/azure-sdk-for-go/sdk/azidentity. This issue allows an elevation of privileges.
bugzilla.redhat.com/show_bug.cgi?id=2295081
github.com/advisories/GHSA-m5vv-6r4h-3vj9
github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255
nvd.nist.gov/vuln/detail/CVE-2024-35255
www.cve.org/CVERecord?id=CVE-2024-35255