[MAVEN:GHSA-M5VV-6R4H-3VJ9] Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Severity
Moderate
Affected Packages
8
Fixed Packages
8
CVEs
1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
| Package | Affected Version |
|---|---|
 pkg:maven/Microsoft.Identity.Client
|
< 4.61.3 |
|
pkg:maven/github.com/Azure/azure-sdk-for-go/sdk/azidentity
|
< 1.6.0 |
|
pkg:maven/com.microsoft.azure/msal4j
|
< 1.15.1 |
|
pkg:maven/com.azure/azure-identity
|
< 1.12.2 |
|
pkg:maven/Azure.Identity
|
< 1.11.4 |
|
pkg:maven/azure-identity
|
< 1.16.1 |
|
pkg:maven/%40azure/msal-node
|
< 2.9.2 |
|
pkg:maven/%40azure/identity
|
< 4.2.1 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/Microsoft.Identity.Client
|
= 4.61.3 |
|
pkg:maven/github.com/Azure/azure-sdk-for-go/sdk/azidentity
|
= 1.6.0 |
|
pkg:maven/com.microsoft.azure/msal4j
|
= 1.15.1 |
|
pkg:maven/com.azure/azure-identity
|
= 1.12.2 |
|
pkg:maven/Azure.Identity
|
= 1.11.4 |
|
pkg:maven/azure-identity
|
= 1.16.1 |
|
pkg:maven/%40azure/msal-node
|
= 2.9.2 |
|
pkg:maven/%40azure/identity
|
= 4.2.1 |
- ID
- MAVEN:GHSA-M5VV-6R4H-3VJ9
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
- Published
-
2024-06-11T18:30:50
(3 months ago) - Modified
-
2024-06-11T21:37:41
(3 months ago) - Rights
- Maven Security Team
- Other Advisories
ALAS2-2024-2630
FREEBSD:82830965-3073-11EF-A17D-5404A68AD561
GO-2024-2918
NPM:GHSA-M5VV-6R4H-3VJ9| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/Microsoft.Identity.Client |
Microsoft.Identity.Client
|
< 4.61.3 | ||||
| Fixed | pkg:maven/Microsoft.Identity.Client |
Microsoft.Identity.Client
|
= 4.61.3 | ||||
| Affected | pkg:maven/github.com/Azure/azure-sdk-for-go/sdk/azidentity | github.com/Azure/azure-sdk-for-go/sdk |
azidentity
|
< 1.6.0 | |||
| Fixed | pkg:maven/github.com/Azure/azure-sdk-for-go/sdk/azidentity | github.com/Azure/azure-sdk-for-go/sdk |
azidentity
|
= 1.6.0 | |||
| Affected | pkg:maven/com.microsoft.azure/msal4j | com.microsoft.azure |
msal4j
|
< 1.15.1 | |||
| Fixed | pkg:maven/com.microsoft.azure/msal4j | com.microsoft.azure |
msal4j
|
= 1.15.1 | |||
| Affected | pkg:maven/com.azure/azure-identity | com.azure |
azure-identity
|
< 1.12.2 | |||
| Fixed | pkg:maven/com.azure/azure-identity | com.azure |
azure-identity
|
= 1.12.2 | |||
| Affected | pkg:maven/Azure.Identity |
Azure.Identity
|
< 1.11.4 | ||||
| Fixed | pkg:maven/Azure.Identity |
Azure.Identity
|
= 1.11.4 | ||||
| Affected | pkg:maven/azure-identity |
azure-identity
|
< 1.16.1 | ||||
| Fixed | pkg:maven/azure-identity |
azure-identity
|
= 1.16.1 | ||||
| Affected | pkg:maven/%40azure/msal-node | @azure |
msal-node
|
< 2.9.2 | |||
| Fixed | pkg:maven/%40azure/msal-node | @azure |
msal-node
|
= 2.9.2 | |||
| Affected | pkg:maven/%40azure/identity | @azure |
identity
|
< 4.2.1 | |||
| Fixed | pkg:maven/%40azure/identity | @azure |
identity
|
= 4.2.1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |