{"schema_version":"1.3.1","id":"GO-2024-2918","modified":"2024-07-01T21:50:42Z","published":"2024-07-01T21:50:42Z","aliases":["CVE-2024-35255","GHSA-m5vv-6r4h-3vj9"],"summary":"Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity","details":"Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity","affected":[{"package":{"name":"github.com/Azure/azure-sdk-for-go/sdk/azidentity","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.6.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/Azure/azure-sdk-for-go/sdk/azidentity","symbols":["AzurePipelinesCredential.GetToken","ChainedTokenCredential.GetToken","ClientAssertionCredential.GetToken","ClientCertificateCredential.GetToken","ClientSecretCredential.GetToken","DefaultAzureCredential.GetToken","EnvironmentCredential.GetToken","ManagedIdentityCredential.GetToken","NewDefaultAzureCredential","NewManagedIdentityCredential","OnBehalfOfCredential.GetToken","WorkloadIdentityCredential.GetToken","confidentialClient.GetToken","managedIdentityClient.authenticate","managedIdentityClient.createAccessToken","managedIdentityClient.createAppServiceAuthRequest","managedIdentityClient.createAzureArcAuthRequest","managedIdentityClient.createAzureMLAuthRequest","managedIdentityClient.createCloudShellAuthRequest","managedIdentityClient.createIMDSAuthRequest","managedIdentityClient.createServiceFabricAuthRequest","managedIdentityClient.getAzureArcSecretKey","newManagedIdentityClient"]}]}}],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m5vv-6r4h-3vj9"},{"type":"FIX","url":"https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499"},{"type":"WEB","url":"https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340"},{"type":"WEB","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2918","review_status":"REVIEWED"}}