CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35255 – Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-35255
11 Jun 2024 — Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en las librerías de identidad de Azure y la librería de autenticación de Microsoft A flaw was found in Microsoft's Azure Identity Libraries and the Microsoft Authentication Library (MSAL). The flaw arises from a race condition—a scenario where the timing of events leads to unexpected behavior—during concurrent operations on shared resources. This can result in privile... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1487
https://notcve.org/view.php?id=CVE-2019-1487
10 Dec 2019 — An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for Android Information Disclosure Vulnerability'. Hay una vulnerabilidad de divulgación de información en aplicaciones de Android que utilizan Microsoft Authentication Library (MSAL) versión 0.3.1-Alpha o posterior, en condiciones específicas, también se conoce como "Microsoft Authentication Library for Android Inf... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1487 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1258 – Azure Active Directory Authentication Library Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1258
14 Aug 2019 — An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this vulneraiblity by accessing a service configured for On-Behalf-Of flow that assigns incorrect tokens. This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios. Exi... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1258 •