Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Vulnerability Description
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
CWE-926
Vulnerability Title
Microsoft Authentication Library 安全漏洞
Vulnerability Description
Microsoft Authentication Library(MSAL)是美国微软(Microsoft)公司的是一个身份验证库。 Microsoft Authentication Library 存在安全漏洞,该漏洞源于MSAL.NET 应用程序容易受到身份验证流中的本地拒绝服务的影响。受影响的产品和版本:Microsoft-Authentication-Library-for-dotnet 4.48.0至4.59.1之前版本,4.60.0至4.60.3之前版本。
CVSS Information
N/A
Vulnerability Type
N/A