522 matches found
CVE-2020-0758
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...
CVE-2020-0700
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...
Cross site scripting
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
Privilege escalation
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...
CVE-2020-0815
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...
CVE-2020-0815
Technical details about CVE-2020-0815 are not provided in the connected documents. The initial entry describes an elevation of privilege related to Azure DevOps pipeline tokens but lacks vulnerable component/version specifics. Monitor for updates.
CVE-2020-0758
CVE-2020-0758 describes an elevation of privilege in Azure DevOps Server and Team Foundation Services caused by improper handling of pipeline job tokens. The vulnerability enables an attacker to gain higher privileges via the token mechanism, with network-based access (CVSSv3.1: 7.5, HIGH; ATT&CK...
CVE-2020-0758
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...
CVE-2020-0700
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...
CVE-2020-0700
CVE-2020-0700 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server where user input is not properly sanitized. The underlying issue is improper sanitization of inputs, allowing an authenticated attacker to send a crafted payload that executes in the context of the current user whe...
Microsoft Azure DevOps Server and Microsoft Team Foundation Server Elevation of Privilege Vulnerability (CNVD-2020-28437)
Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...
Microsoft Azure DevOps Server and Microsoft Team Foundation Server Elevation of Privilege Vulnerability
Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...
Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability (CNVD-2020-19008)
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. A cross-site scripting vulnerability exists in Azure DevOps Server that stems from the...
Microsoft Patches 26 Critical Bugs in Big March Update
Microsoft tackled 115 bug fixes as part of its March Patch Tuesday update – 26 rated critical and 88 rated medium severity. The bugs patched span its product catalog, from Azure DevOps to Windows 10. This month’s haul is notable in its quantity and that there are only a few stand-out bugs causing...
Azure DevOps Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...
KLA11682 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostic Hub Standard...
The vulnerability of the software development tools Team Foundation Server and Azure DevOps Server lies in insufficient validation of input data, allowing a hacker to execute arbitrary code.
The vulnerability of software development tools such as Team Foundation Server and Azure DevOps Server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created file...
The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools lies in the lack of protective measures for the website structure, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the Team Foundation Server and Azure DevOps Server software development tools is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...
CVE-2019-1306
A remote code execution vulnerability exists when Azure DevOps Server ADO and Team Foundation Server TFS fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'...