522 matches found
Argo CD Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
Summary: In the default configuration (webhook.azuredevops.username and webhook.azuredevops.password not set), Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...
Improper Check or Handling of Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server process to crash by sending an Azure DevOps Push event with an empty resource.refUpdates array. Note: This is only...
Improper Check or Handling of Exceptional Conditions
Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server process to crash by sending an Azure DevOps Push event with an empty resource.refUpdates array. Note: This is only...
PT-2025-40057
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.9.0-rc1 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.2.0-rc1; Argo CD version 3.1.6; Argo CD version 3.0.17. Description: Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, is susceptible to a...
PT-2025-40045
Summary: In the default configuration (webhook.azuredevops.username and webhook.azuredevops.password not set), Argo CD’s /api/webhook endpoint crashes the entire argocd-server process when it receives an Azure DevOps Push event whose JSON array resource.refUpdates is empty. The slice index 0 is...
The vulnerability of the Azure DevOps software development tool, related to bypassing authentication using supposedly immutable data, allows attackers to escalate their privileges.
The vulnerability of the Azure DevOps software development tool relates to bypassing authentication using supposedly immutable data. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
Microsoft Azure DevOps Elevation of Privilege Vulnerability
Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
CVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-47158
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-47158
Azure DevOps vulnerability CVE-2025-47158: Authentication bypass by assumed-immutable data can allow a network attacker to elevate privileges. Affected product: Azure DevOps Server/Services. Root cause: bypass of authentication via assumed-immutable data in Azure DevOps. Impact: privilege escalat...
CVE-2025-47158 Azure DevOps Server Elevation of Privilege Vulnerability
...
CVE-2025-47158 Azure DevOps Server Elevation of Privilege Vulnerability
...
Azure DevOps Server Elevation of Privilege Vulnerability
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
PT-2025-30065 · Microsoft · Azure Devops Server
Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no...
KLA85943 PE vulnerability in Microsoft Developer Tools
An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2025-47158. Related products: Microsoft-Azure. CVE list: CVE-2025-47158 (critical). Solution: Install necessary updates from the KB...
Microsoft Azure DevOps Security Vulnerability
Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...
The vulnerability of the Azure DevOps software development tool, related to bypassing authentication using supposedly immutable data, allows attackers to escalate their privileges.
The vulnerability of the Azure DevOps software development tool relates to bypassing authentication using supposedly immutable data. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
CVE-2020-0815
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...
CVE-2020-1327
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'...
CVE-2020-1326
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...