Cloud Misconfig Mistakes Show Need For DevSecOps

Developers have become accustomed to deploying apps in data centers with what could be described as a “crunchy hard outer layer,” to keep their data center secure. But when it comes to the public cloud, “it just doesn’t exist that way,” said Ryan Olson, vice president of threat intelligence with...

What can Application Security Testing add to DevOps programs?

The adoption of DevOps practices by organizations to shorten the standard development lifecycle has put new pressure on security teams to keep up with the pace of development within CI/CD pipelines. In order to accomplish this, security teams need to provide better security insights to developers...

CVE-2020-0815

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...

CVE-2020-0815

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...

CVE-2020-0758

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...

CVE-2020-0700

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

CVE-2020-0700

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

CVE-2020-0758

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...

Cross site scripting

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

Privilege escalation

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...

Privilege escalation

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...

CVE-2020-0815

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758...

CVE-2020-0815

Technical details about CVE-2020-0815 are not provided in the connected documents. The initial entry describes an elevation of privilege related to Azure DevOps pipeline tokens but lacks vulnerable component/version specifics. Monitor for updates.

CVE-2020-0758

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815...

CVE-2020-0758

CVE-2020-0758 describes an elevation of privilege in Azure DevOps Server and Team Foundation Services caused by improper handling of pipeline job tokens. The vulnerability enables an attacker to gain higher privileges via the token mechanism, with network-based access (CVSSv3.1: 7.5, HIGH; ATT&CK...

CVE-2020-0700

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

CVE-2020-0700

CVE-2020-0700 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server where user input is not properly sanitized. The underlying issue is improper sanitization of inputs, allowing an authenticated attacker to send a crafted payload that executes in the context of the current user whe...

Microsoft Azure DevOps Server and Microsoft Team Foundation Server Elevation of Privilege Vulnerability (CNVD-2020-28437)

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...

Microsoft Azure DevOps Server and Microsoft Team Foundation Server Elevation of Privilege Vulnerability

Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...

Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability (CNVD-2020-19008)

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. A cross-site scripting vulnerability exists in Azure DevOps Server that stems from the...