[GHSA-m5vv-6r4h-3vj9] Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.67k stars 304 forks source link

[GHSA-m5vv-6r4h-3vj9] Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability #4537

Closed localden closed 3 weeks ago

localden commented 3 weeks ago

Updates

Affected products

Comments Specifying the correct version ranges for MSAL.

darakian commented 3 weeks ago

Hey @localden, any chance you've got references to substantiate this change?

localden commented 3 weeks ago

We provided this data initially to the MSRC team, but it was not picked up in the tooling due to an internal limitation:

MSAL.NET (Microsoft.Identity.Client): o Min version: 4.49.1 o Fixed version: 4.61.3
MSAL Java (msal4j): o Min version: 1.14.4-beta o Fixed version: 1.15.1
MSAL Node (@azure/msal-node): o Min version: 2.7.0 o Fixed version: 2.9.2

darakian commented 3 weeks ago

Gotcha. I'll put this through, but please ask them to update their advisory as well :)

advisory-database[bot] commented 3 weeks ago

Hi @localden! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!