CVE-2024-35255
Published: Jun 11, 2024
Modified: Dec 17, 2025
CVSS v3.1
5.5
Description
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
| Vendor | Product | Versions |
|---|---|---|
Microsoft | Azure Identity Library for .NET | affected 1.0.0 - < 1.11.4 |
Microsoft | Microsoft Authentication Library | affected 1.0.0 - < 1.15.1 |
Microsoft | Azure Identity Library | affected 1.0.0 - < 1.6.0 |
Microsoft | Azure Identity Library for Java | affected 1.0.0 - < 1.12.2 |
Microsoft | Azure Identity Library for JavaScript | affected 1.0.0 - < 4.2.1 |
Microsoft | Azure Identity Library for C++ | affected 1.0.0 - < 1.8.0 |
Microsoft | Azure Identity Library for Python | affected 1.0.0 - < 1.16.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now