ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability · GHSA-rvj4-q8q5-8grf · GitHub Advisory Database · GitHub

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

Moderate severity GitHub Reviewed Published Jun 20, 2024 in traefik/traefik • Updated Aug 8, 2024

Package

github.com/traefik/traefik/v2 (Go)

Affected versions

<= 2.11.4

Patched versions

2.11.5

github.com/traefik/traefik/v3 (Go)

<= 3.0.2

3.0.3

Description

Impact

There is a vulnerability in Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

References

CVE-2024-35255

Patches

Workarounds

No workaround.

For more information

If you have any questions or comments about this advisory, please open an issue.

References

nmengin published to traefik/traefik

Jun 20, 2024

Published to the GitHub Advisory Database Jun 20, 2024

Reviewed Jun 20, 2024

Last updated Aug 8, 2024

Severity

Moderate

5.5

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N