OnlyFm252
Azure SDK

CVE-2024-35255 — Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Important CVSS 5.5 EPSS 0.00781 2024-06 archive

Executive Summary

None

Overview

5.5
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Jun 11 2024
Last Updated Jun 11 2024
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.00781 — 0.51148 percentile

CVSS Vector

ATTACK VECTOR
Local
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
Low
USER INTERACTION
None
SCOPE
Unchanged
Temporal Score: 4.8

EPSS Score

0.00781
probability of exploitation in the next 30 days
0.51148 percentile - updated 2026-06-20
View on FIRST.org

Affected Products

9 affected products
Product KB Article Severity Impact Restart Required
Azure Identity Library for .NET Release Notes (Security Update) Important Elevation of Privilege Maybe
Azure Identity Library for C++ Release Notes (Security Update) Important Elevation of Privilege Maybe
Azure Identity Library for Go Release Notes (Security Update) Important Elevation of Privilege Maybe
Azure Identity Library for Java Release Notes (Security Update) Important Elevation of Privilege Maybe
Azure Identity Library for JavaScript Release Notes (Security Update) Important Elevation of Privilege Maybe
Azure Identity Library for Python Release Notes (Security Update) Important Elevation of Privilege Maybe
Microsoft Authentication Library (MSAL) for .NET Release Notes (Security Update) Important Elevation of Privilege Maybe
Microsoft Authentication Library (MSAL) for Java Release Notes (Security Update) Important Elevation of Privilege Maybe
Microsoft Authentication Library (MSAL) for Node.js Release Notes (Security Update) Important Elevation of Privilege Maybe

Patches

1 patch
Article Type Restart
Release Notes Security Update Maybe

Known Exploits

Acknowledgments

Vladimir Abramzon with Microsoft, Eli Arbel with Microsoft

On This Page