CVE-2023-36871: Azure Active Directory Security Feature Bypass Vulnerability

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

An attacker would require access to a low privileged session on the user’s device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim’s device.