Vulnerability in Azure Active Directory Authentication Library · CVE-2019-1258 · GitHub Advisory Database · GitHub

Vulnerability in Azure Active Directory Authentication Library

High severity GitHub Reviewed Published Aug 16, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

microsoft.identitymodel.clients.activedirectory (NuGet)

Affected versions

>= 5.0.0, <= 5.1.1

Patched versions

5.2.0

Description

An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.

References

Reviewed Aug 15, 2019

Published to the GitHub Advisory Database Aug 16, 2019

Last updated Jan 9, 2023

Severity

High

8.8

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H