522 matches found
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...
Azure DevOps Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerabilty could add GitHub repos to a project without having the proper access granted to their account. To exploit the vulnerability, an...
Azure DevOps Server Cross-site Scripting Vulnerability
A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...
Azure DevOps Server Spoofing Vulnerability
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input. An attacker who exploited the vulnerability could trick a user into loading a page containing malicious content. An authenticated attacker could...
Microsoft Azure DevOps Server CVE-2019-0869 HTML Injection Vulnerability
Description Microsoft Azure DevOps Server is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, to conduct spoofing attacks or redirect the user to a malicious website. Other attacks are al...
Microsoft Azure DevOps Server CVE-2019-0875 Remote Privilege Escalation Vulnerability
Description Microsoft Azure DevOps Server is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Azure DevOps Server 2019 Recommendations Run all...
Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability
Description Microsoft Azure DevOps Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Azure DevOps...
Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
Description Microsoft Azure DevOps Server and Team Foundation Server are prone to a cross-site scripting vulnerability because they fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability
Description Microsoft Azure DevOps Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...
Microsoft Azure DevOps Server and Team Foundation Server Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (April 2019)
The Microsoft Team Foundation Server or Azure DevOps Server installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
SilkETW: Because Free Telemetry is … Free!
Over time people have had an on-again, off-again interest in Event Tracing for Windows ETW. ETW, first introduced in Windows 2000, is a lightweight Kernel level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ET...
Microsoft Launches Azure DevOps Bug Bounty Program
Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...
Announcing the Microsoft Azure DevOps Bounty program
The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...
Announcing the Microsoft Azure DevOps Bounty program
The Microsoft Security Response Center MSRC is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...