Lucene search

[email protected]CVE-2019-0875

HistoryApr 09, 2019 - 9:29 p.m.

CVE-2019-0875

2019-04-0921:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

azure devops

server

2019

privilege

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.3%

JSON

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka ‘Azure DevOps Server Elevation of Privilege Vulnerability’.

CPENameOperatorVersion
microsoft:azure_devops_servermicrosoft azure devops servereq2019

CPE	Name	Operator	Version
microsoft:azure_devops_server	microsoft azure devops server	eq	2019

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0875

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for CVE-2019-0875

mscve1 symantec1 prion1 cvelist1 nessus1 kaspersky1 talosblog1