Vulnerability Report: GO-2024-2918
- CVE-2024-35255, GHSA-m5vv-6r4h-3vj9
- Affects: github.com/Azure/azure-sdk-for-go/sdk/azidentity
- Published: Jul 01, 2024
Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-m5vv-6r4h-3vj9.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.6.0
12 affected symbols
- AzurePipelinesCredential.GetToken
- ChainedTokenCredential.GetToken
- ClientAssertionCredential.GetToken
- ClientCertificateCredential.GetToken
- ClientSecretCredential.GetToken
- DefaultAzureCredential.GetToken
- EnvironmentCredential.GetToken
- ManagedIdentityCredential.GetToken
- NewDefaultAzureCredential
- NewManagedIdentityCredential
- OnBehalfOfCredential.GetToken
- WorkloadIdentityCredential.GetToken
Aliases
References
- https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
- https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499
- https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255
- https://vuln.go.dev/ID/GO-2024-2918.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.