40 matches found
CVE-2023-38155
PT-2023-5165 reports a vulnerability in Azure DevOps Server and Team Foundation Server related to the deserialization mechanism in MachinePropertyBag, allowing arbitrary code execution and potential local privilege escalation. Affected versions are not specified in the entry. No patch details are...
CVE-2023-33136
CVE-2023-33136 is an Azure DevOps Server remote code execution vulnerability with a base CVSS v3.1 score of 8.8 (HIGH). Multiple connected sources describe RCE via insufficient input validation and list affected Azure DevOps Server versions, including 2019.0.1, 2019.1.2, 2020.0.2, 2020.1.2, and 2...
CVE-2024-20667
CVE-2024-20667 is an Azure DevOps Server remote code execution vulnerability. Connected docs confirm it affects Azure DevOps Server versions including 2022.1, 2019.1.2, and 2020.1.2, with root cause described as insufficient input validation (per PT-2024-1652). The vulnerability enables remote co...
CVE-2023-21553
CVE-2023-21553 is an Azure DevOps Server remote code execution vulnerability. Connected sources identify it as affecting Azure DevOps Server (and Team Foundation Server) with references to in-product security updates and remediation guidance. Documented details consistently describe an RCE impact...
CVE-2019-1076
CVE-2019-1076 is a Cross-site Scripting (XSS) vulnerability affecting Microsoft Team Foundation Server and Azure DevOps Server. The issue arises when input is not properly sanitized, allowing an attacker to execute script in the context of the affected user. Public exploit activity is noted in th...
CVE-2019-1072
Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...
CVE-2021-28459
CVE-2021-28459 affects Microsoft Azure DevOps Server on-premises (Azure DevOps Server 2020.0.1). Described as a cross-site scripting vulnerability (spoofing vulnerability) in the Azure DevOps Server component; publicly documented exploit discussion exists (e.g., SEC Consult entry). The fixed vers...
CVE-2023-21565
CVE-2023-21565 : Azure DevOps Server spoofing vulnerability with CVSS 3.1 base score 7.1 (HIGH). Public exploits exist. Affected products across connected sources include Azure DevOps Server 2022, Azure DevOps Server 2020.1.2, and Azure DevOps Server 2022.0.1. The vulnerability is a server-side s...
CVE-2023-36869
CVE-2023-36869 corresponds to a spoofing vulnerability in Microsoft Azure DevOps Server. Connected sources specify that the flaw allows an attacker to pretend to be another user, i.e., UI spoofing, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L (base 6.3). The vulnerability is c...
CVE-2023-21564
CVE-2023-21564 – Azure DevOps Server Cross‑Site Scripting is documented as a XSS vulnerability affecting Azure DevOps Server (incl. 2022). The vulnerability enables data exposure via XSS affecting the current user context; the exact vulnerable component/file is not specified in the provided docum...
CVE-2019-1306
CVE-2019-1306 is a remote code execution vulnerability affecting Azure DevOps Server and Team Foundation Server (TFS). The issue arises when the products fail to properly validate input, enabling an attacker to upload a specially crafted file to a vulnerable repo and cause indexing, which could l...
CVE-2019-1305
CVE-2019-1305 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server/Azure DevOps Server where user input is not properly sanitized. An authenticated attacker can send a crafted payload that executes in the user’s browser, enabling theft of credentials, reading restricted content...
CVE-2019-0857
Azure DevOps Server / Team Foundation Server (2019) is affected by CVE-2019-0857, a spoofing vulnerability caused by improper sanitization of user input. The Red Hat and Microsoft advisories describe an attacker with authentication exploiting a crafted payload to bypass security measures and load...
CVE-2020-17145
CVE-2020-17145 affects Azure DevOps Server and Team Foundation Server/Services. The vulnerability is described as a Spoofing Vulnerability, with a MEDIUM severity (CVSSv3 base 5.4) and CVSSv2 base 4.9. Attack vector is network; no user interaction required for CVSSv2, but CVSSv3 indicates user in...
CVE-2023-21569
CVE-2023-21569 is a spoofing vulnerability in Microsoft Azure DevOps Server. Connected sources corroborate that multiple Azure DevOps Server versions are affected (notably 2020.1.2 and 2022/2022.0.1 per CNNVD), with the issue enabling spoofing of the user interface and potentially exposing data i...
CVE-2020-17135
CVE-2020-17135 is a spoofing vulnerability in Azure DevOps Server/TFS identified as CVSS according to NVD and Microsoft; exploitation could enable spoofing of user interface and impersonation of another user. Affected products include Azure DevOps Server and Team Foundation Server across several ...
CVE-2021-27067
CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...
CVE-2019-0870
Technical details about CVE-2019-0870 are not provided in the connected documents. The available data include a description of an XSS vulnerability in Azure DevOps Server/TFS and CVSS metrics. Monitor for updates.
CVE-2024-35266
Azure DevOps Server Spoofing Vulnerability (CVE-2024-35266) affects Microsoft Azure DevOps Server/TFS. The incident arises from a spoofing flaw in the server, enabling a threat actor to impersonate another user over the network. The CVSS v3.1 base score is 7.6 (HIGH), with network access required...
CVE-2019-0996
CVE-2019-0996 affects Microsoft Azure DevOps Server and describes a cross-site request forgery (CSRF/XSRF) flaw in how application registration requests are handled. The underlying issue could allow an attacker to bypass OAuth protections and register an application on behalf of a targeted user i...
CVE-2020-0758
CVE-2020-0758 describes an elevation of privilege in Azure DevOps Server and Team Foundation Services caused by improper handling of pipeline job tokens. The vulnerability enables an attacker to gain higher privileges via the token mechanism, with network-based access (CVSSv3.1: 7.5, HIGH; ATT&CK...
CVE-2020-1325
CVE-2020-1325 affects Microsoft Azure DevOps Server and Team Foundation Server/Services, with a spoofing vulnerability in the Team Foundation/DevOps UI that can allow impersonation or UI spoofing. Affected products include Azure DevOps Server and Visual Studio/DevOps components; the issue is repo...
CVE-2020-0700
CVE-2020-0700 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server where user input is not properly sanitized. The underlying issue is improper sanitization of inputs, allowing an authenticated attacker to send a crafted payload that executes in the context of the current user whe...
CVE-2020-0815
Technical details about CVE-2020-0815 are not provided in the connected documents. The initial entry describes an elevation of privilege related to Azure DevOps pipeline tokens but lacks vulnerable component/version specifics. Monitor for updates.
CVE-2020-1326
CVE-2020-1326 is an XSS flaw in Azure DevOps Server caused by improper sanitization of user-supplied input. Reports in multiple sources (MSRC advisory) describe an authenticated attacker able to trigger cross-site scripting in the context of the affected user. The vulnerability affects Azure DevO...
CVE-2020-1327
CVE-2020-1327 is an HTML injection spoofing vulnerability in Microsoft Azure DevOps Server, arising when the server fails to properly sanitize user inputs in web requests. Root cause: improper handling/sanitization leading to script or content injection and potential user deception (e.g., popups,...
CVE-2023-36561
CVE-2023-36561 affects Azure DevOps Server and is described as an Elevation of Privilege vulnerability. Multiple sources (NVD/NCSC and vendor advisories) list affected products including Azure DevOps Server 2020.x/2022.x variants and indicate the vulnerability enables an attacker to obtain higher...
CVE-2019-0866
CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...
CVE-2019-0869
CVE-2019-0869 affects Microsoft Azure DevOps Server (and related Team Foundation Server deployments) where HTML injection/s spoofing can occur due to improper handling of web inputs. The root cause is insufficient sanitization of user-supplied input in web requests, enabling attacker-controlled H...
CVE-2019-0971
CVE-2019-0971 affects Azure DevOps Server and Team Foundation Server. It is an information disclosure vulnerability caused by improper sanitization of a specially crafted authentication request, allowing an authenticated attacker to perform server-side requests and access sensitive information. T...
CVE-2019-0867
Azure DevOps Server and Team Foundation Server are affected by a Cross-site Scripting (XSS) vulnerability caused by improper validation/sanitization of user input. The CNVD entries describe a vulnerability where attacker-controlled input could execute scripts in the security context of the curren...
CVE-2019-0872
CVE-2019-0872 is an XSS vulnerability in Microsoft’s Azure DevOps Server and Team Foundation Server caused by improper sanitization/validation of client-side input in the WEB application. The linked Red Hat entry confirms the root cause as a lack of proper input validation leading to cross-site s...
CVE-2019-0979
Technical details (affected products, versions, root cause, exploitability) are not publicly provided in the connected documents; monitor for updates.
CVE-2019-0875
Azure DevOps Server 2019 is affected by CVE-2019-0875, an elevation of privilege due to improper enforcement of project permissions. Multiple connected sources (including Red Hat, CNVD, NVD, and Microsoft MSRC entries) corroborate that an attacker with access to a project could exploit a crafted ...
CVE-2019-0871
Azure DevOps Server and Team Foundation Server are affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An attacker could exploit this to run scripts in the security context of the current user. CNVD entries describe the issue but do not pr...
CVE-2023-21751
CVE-2023-21751 is a spoofing vulnerability in Azure DevOps Server with documented UI spoofing issues. Public details in connected documents indicate exploitation via manipulation of the user interface, potentially bypassing security restrictions and, in one source, enabling cross-site scripting. ...
CVE-2019-0868
Affected products: Azure DevOps Server and Team Foundation Server (TFS). Vulnerability type: Cross‑Site Scripting (XSS) caused by improper validation of user‑supplied input. Impact (as described): Potential for an attacker to execute scripts in the security context of the current user. Root cause...
CVE-2024-35267
CVE-2024-35267 is Azure DevOps Server Spoofing Vulnerability. Connected docs confirm a vulnerability in Azure DevOps Server enabling spoofing/impersonation of other users (CVE-2024-35267; CVSSv3 base 7.6, AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L). Microsoft’s accompanying advisories indicate updates a...
CVE-2019-0874
CVE-2019-0874 is an XSS vulnerability in Microsoft Azure DevOps Server (and Team Foundation Server variants) caused by inadequate sanitization of user input. Exploitation could occur when an authenticated user is served a crafted payload, allowing client-side script execution in the context of th...
CVE-2026-21512
CVE-2026-21512 describes a server-side request forgery vulnerability in Azure DevOps Server . The connected documents consistently state an SSRF issue that enables an authorized attacker to perform spoofing over a network , effectively allowing impersonation of another user within affected compon...