Go modules package
github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42602 | Hig | 8.1 | >= 0.124.0, <= 0.150.0 | — | May 13, 2026 | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate |
- affected >= 0.124.0, <= 0.150.0
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configured identity can mint for to authenticate