Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjNngtY3E0Ny05Y2h3
Vulnerability in Azure Active Directory Authentication Library
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
Permalink: https://github.com/advisories/GHSA-xc6x-cq47-9chw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjNngtY3E0Ny05Y2h3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: 6 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00123
EPSS Percentile: 0.47513
Identifiers: GHSA-xc6x-cq47-9chw, CVE-2019-1258
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1258
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1258
- https://github.com/advisories/GHSA-xc6x-cq47-9chw
Affected Packages
nuget:microsoft.identitymodel.clients.activedirectory
Dependent packages: 244
Dependent repositories: 0
Downloads: 457,407,831 total
Affected Version Ranges: >= 5.0.0, <= 5.1.1
Fixed in: 5.2.0
All affected versions: 5.0.5, 5.1.0, 5.1.1
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 2.12.111071459, 2.13.112171830, 2.13.112191810, 2.14.201151115, 2.15.204151539, 2.16.204221202, 2.17.206230854, 2.18.206251556, 2.19.208020213, 2.20.301151232, 2.21.301221612, 2.22.302111727, 2.23.302261847, 2.24.304111323, 2.25.305061457, 2.26.305100852, 2.26.305102204, 2.27.306291202, 2.28.0, 2.28.1, 2.28.2, 2.28.3, 2.28.4, 2.29.0, 3.9.304210845, 3.10.305052128, 3.10.305110106, 3.10.305161347, 3.10.305231913, 3.11.0, 3.12.0, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.13.5, 3.13.6, 3.13.7, 3.13.8, 3.13.9, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.16.0, 3.16.1, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.18.0, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.19.4, 3.19.5, 3.19.6, 3.19.7, 3.19.8, 4.3.0, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.3.0