HIGH · CVSS 7.5
CVE-2024-35255 — Azure Identity library credential leakage
The Azure Identity library for Node.js logged credentials in specific debug paths, risking exposure of tokens in application logs when diagnostic logging was enabled.
Affects
- @azure/identity < 4.2.1
What an attacker does
An application with verbose logging enabled (common in dev/staging) emitted Azure bearer tokens to stdout / log aggregators. Attackers with log access (or log-based SIEM integrations) could extract credentials.
How to detect
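Run `npm ls @azure/identity` to list every installed copy of the package, including transitive ones, and check each version against 4.2.1.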
How to fix
Upgrade @azure/identity to 4.2.1+. Also audit log retention for Azure token patterns.
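One way to run the log audit, as an added example (not code from the library or from Securie): it finds JWT-shaped strings in log text and reports only those whose `iss` claim points at a Microsoft Entra ID issuer host. The function names, sample log lines and tokens are constructed for illustration; it assumes Node.js 15.7+ for `base64url` and that the leaked tokens are JWTs.

```javascript
// Added example: find Microsoft Entra ID (Azure AD) JWTs in log text.
// Issuer hosts used by v2.0 and v1.0 tokens respectively.
const ENTRA_ISSUERS = ["login.microsoftonline.com", "sts.windows.net"];
// A JWT is three base64url segments; `{"` plus a letter encodes to "eyJ".
const JWT_RE = /\beyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*/g;

function decodeSegment(seg) {
  try {
    return JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
  } catch {
    return null; // not JSON, so only JWT-shaped
  }
}

function issuerHost(iss) {
  try { return new URL(iss).hostname; } catch { return null; }
}

// Returns one finding per Entra-issued token; never echoes the full token.
function findEntraTokens(logText, nowSeconds = Math.floor(Date.now() / 1000)) {
  const findings = [];
  logText.split(/\r?\n/).forEach((line, idx) => {
    for (const match of line.matchAll(JWT_RE)) {
      const claims = decodeSegment(match[0].split(".")[1]);
      if (!claims || !ENTRA_ISSUERS.includes(issuerHost(claims.iss))) continue;
      findings.push({
        line: idx + 1,
        audience: claims.aud ?? null,
        expired: typeof claims.exp === "number" ? claims.exp < nowSeconds : null,
        preview: match[0].slice(0, 10) + "...[redacted]",
      });
    }
  });
  return findings;
}

// Constructed sample data: fake tokens with a dummy signature, not real credentials.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const fakeJwt = (claims) => `${b64({ typ: "JWT", alg: "RS256" })}.${b64(claims)}.c2ln`;
const TENANT = "00000000-0000-0000-0000-000000000000"; // placeholder tenant id
const SAMPLE_LOG = [
  "2024-06-12T10:00:00Z info service started",
  `2024-06-12T10:00:01Z verbose Authorization: Bearer ${fakeJwt({ iss: `https://login.microsoftonline.com/${TENANT}/v2.0`, aud: "https://management.azure.com", exp: 1718190000 })}`,
  `2024-06-12T10:00:02Z debug session=${fakeJwt({ iss: "https://idp.example.test/", aud: "app", exp: 1718190000 })}`,
].join("\n");

console.log(findEntraTokens(SAMPLE_LOG, 1718186401));
```

The `expired` field helps triage: a token that is still inside its lifetime should be treated as live until the session behind it is revoked.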
How Securie catches it
Securie's secret scanner covers Azure tokens in log sinks.