28 matches found
CVE-2019-0971
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (February 2024)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (October 2023)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. Note that Nessus has not tested for this issue but has instead relied only on...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (September 2023)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple server remote code execution vulnerabilities. An authenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Ness...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (June 2023)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple server spoofing vulnerabilities. An attacker who successfully exploited the vulnerability could access data that is available for the current user. Depending on the...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple vulnerabilities. An attacker can exploit these to either perform actions with the privileges of another user or disclose sensitive information. Note all systems require...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (December 2020)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple spoofing vulnerabilities. An attacker can exploit these to perform actions with the privileges of another user. Note that Nessus has not tested for these issues but has...
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation resulting in a stored cross-site scripting vulnerability.
...
jenkins-git-plugin: stored cross-site scripting
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
jenkins-git-plugin: stored cross-site scripting
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2019)
The Microsoft Team Foundation or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could...
Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Information disclosure
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...
CVE-2019-0971
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'...
Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (May 2019)
The Microsoft Team Foundation Server or Azure DevOps Server is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially...
Security Updates for Microsoft Team Foundation Server / Azure DevOps Server (April 2019)
The Microsoft Team Foundation Server or Azure DevOps Server installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project...
Microsoft Team Foundation Server CVE-2019-0867 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Microsoft Team Foundation Server CVE-2019-0777 Cross Site Scripting Vulnerability
Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Security Updates for Microsoft Team Foundation Server (March 2019)
The Microsoft Team Foundation Server installation on the remote host is missing a security update. It is, therefore, affected by a cross- site scripting XSS vulnerability that exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploi...
Security Updates for Microsoft Team Foundation Server (February 2019)
The Microsoft Team Foundation Server installation on the remote host is missing security updates. It is, therefore, affected by multiple cross-site scripting vulnerabilities. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation...