Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021)

The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple vulnerabilities. An attacker can exploit these to either perform actions with the privileges of another user or disclose sensitive information. Note all systems require...

Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability

Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerab...

Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerable version: 2020.0.1 fixed version: 2020.0.1 Patch 2 CVE number: CVE-2021-28459 impact: medi...

CVE-2021-28459

Azure DevOps Server Spoofing Vulnerability...

CVE-2021-28459

Azure DevOps Server Spoofing Vulnerability...

CVE-2021-27067

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

CVE-2021-27067

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

Information disclosure

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...

Spoofing

Azure DevOps Server Spoofing Vulnerability...

CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability

...

CVE-2021-28459

CVE-2021-28459 affects Microsoft Azure DevOps Server on-premises (Azure DevOps Server 2020.0.1). Described as a cross-site scripting vulnerability (spoofing vulnerability) in the Azure DevOps Server component; publicly documented exploit discussion exists (e.g., SEC Consult entry). The fixed vers...

CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

...

CVE-2021-27067

CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...

Azure DevOps Server Spoofing Vulnerability

...

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

...

Microsoft Azure DevOps Server 信息泄露漏洞

Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as code sharing, work tracking, and software distribution. An information disclosure vulnerability exists in Azure DevOps Server and Team...

PT-2021-2707 · Microsoft · Team Foundation Server +1

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server and Team Foundation Server affected versions not specified Description: The issue is related to errors in handling objects in memory within the Team Foundation Services component of Azure DevOps Server. This can allow a...

PT-2021-2727 · Microsoft · Azure Devops Server

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to the failure to protect the web page structure, which can lead to cross-site scripting attacks. A remote attacker can exploit this to conduct such attacks...

HTTPS over HTTP: A Supply Chain Attack on Azure DevOps Server 2020

We provide the technical details of a supply chain attack on an improperly configured Azure DevOps Server 2020, specifically in the continuous integration and continuous delivery CI/CD Pipeline Agent communicating without TLS...

Vulnerabilities fixed in Microsoft Developer Tools

Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...