23 matches found
CVE-2019-1076
CVE-2019-1076 is a Cross-site Scripting (XSS) vulnerability affecting Microsoft Team Foundation Server and Azure DevOps Server. The issue arises when input is not properly sanitized, allowing an attacker to execute script in the context of the affected user. Public exploit activity is noted in th...
CVE-2019-1072
Azure DevOps Server and Team Foundation Server (TFS) are affected by a remote code execution vulnerability caused by improper handling of user input. Exploitation can occur when an attacker uploads a specially crafted file to an affected server, potentially allowing code execution in the context ...
CVE-2019-1306
CVE-2019-1306 is a remote code execution vulnerability affecting Azure DevOps Server and Team Foundation Server (TFS). The issue arises when the products fail to properly validate input, enabling an attacker to upload a specially crafted file to a vulnerable repo and cause indexing, which could l...
CVE-2019-1305
CVE-2019-1305 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server/Azure DevOps Server where user input is not properly sanitized. An authenticated attacker can send a crafted payload that executes in the user’s browser, enabling theft of credentials, reading restricted content...
CVE-2020-17145
CVE-2020-17145 affects Azure DevOps Server and Team Foundation Server/Services. The vulnerability is described as a Spoofing Vulnerability, with a MEDIUM severity (CVSSv3 base 5.4) and CVSSv2 base 4.9. Attack vector is network; no user interaction required for CVSSv2, but CVSSv3 indicates user in...
CVE-2021-27067
CVE-2021-27067 is an information-disclosure vulnerability in Azure DevOps Server and Team Foundation Server. According to PT-Security, the issue stems from memory-handling errors in the Team Foundation Services component, allowing a remote attacker to gain unauthorized access to protected informa...
CVE-2019-0870
Technical details about CVE-2019-0870 are not provided in the connected documents. The available data include a description of an XSS vulnerability in Azure DevOps Server/TFS and CVSS metrics. Monitor for updates.
CVE-2020-0758
CVE-2020-0758 describes an elevation of privilege in Azure DevOps Server and Team Foundation Services caused by improper handling of pipeline job tokens. The vulnerability enables an attacker to gain higher privileges via the token mechanism, with network-based access (CVSSv3.1: 7.5, HIGH; ATT&CK...
CVE-2020-0700
CVE-2020-0700 is a Cross-site Scripting (XSS) vulnerability in Azure DevOps Server where user input is not properly sanitized. The underlying issue is improper sanitization of inputs, allowing an authenticated attacker to send a crafted payload that executes in the context of the current user whe...
CVE-2018-8602
CVE-2018-8602 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server (TFS) where user input is not properly sanitized. The connected documents corroborate that an authenticated attacker could exploit this vulnerability by sending a crafted payload to TFS, resulting in script exec...
CVE-2019-0866
CVE-2019-0866 : Azure DevOps Server and Team Foundation Server are vulnerable to a cross-site scripting (XSS) issue caused by improper sanitization of user-provided input. Base scores (NVD CVSS v3.0: 6.1, MEDIUM) with NETWORK attack vector and UI required, indicating media risk but no full exploi...
CVE-2019-0971
CVE-2019-0971 affects Azure DevOps Server and Team Foundation Server. It is an information disclosure vulnerability caused by improper sanitization of a specially crafted authentication request, allowing an authenticated attacker to perform server-side requests and access sensitive information. T...
CVE-2019-0867
Azure DevOps Server and Team Foundation Server are affected by a Cross-site Scripting (XSS) vulnerability caused by improper validation/sanitization of user input. The CNVD entries describe a vulnerability where attacker-controlled input could execute scripts in the security context of the curren...
CVE-2019-0979
Technical details (affected products, versions, root cause, exploitability) are not publicly provided in the connected documents; monitor for updates.
CVE-2019-0872
CVE-2019-0872 is an XSS vulnerability in Microsoft’s Azure DevOps Server and Team Foundation Server caused by improper sanitization/validation of client-side input in the WEB application. The linked Red Hat entry confirms the root cause as a lack of proper input validation leading to cross-site s...
CVE-2019-0777
CVE-2019-0777 is a Cross-site Scripting (XSS) vulnerability in Microsoft Team Foundation Server (TFS). The root cause is improper sanitization of user input in TFS, enabling an attacker to run script in the context of a logged-in user. Affected products include Team Foundation Server, with specif...
CVE-2019-0871
Azure DevOps Server and Team Foundation Server are affected by a cross-site scripting (XSS) vulnerability due to insufficient validation of user-supplied input. An attacker could exploit this to run scripts in the security context of the current user. CNVD entries describe the issue but do not pr...
CVE-2019-0868
Affected products: Azure DevOps Server and Team Foundation Server (TFS). Vulnerability type: Cross‑Site Scripting (XSS) caused by improper validation of user‑supplied input. Impact (as described): Potential for an attacker to execute scripts in the security context of the current user. Root cause...
CVE-2019-0743
Technical details (affected products/versions/root cause/impact/fix) for CVE-2019-0743 are not publicly available in the provided connected documents. Monitor for updates to external advisories and CVE records.
CVE-2019-0646
The issue is a real CVE: CVE-2019-0646 is a Cross-site Scripting (XSS) vulnerability in Team Foundation Server caused by improper sanitization of user input. An authenticated attacker could exploit a crafted payload to execute scripts in the context of the logged-in user, potentially reading cont...
CVE-2019-0742
CVE-2019-0742 is a Cross-site Scripting (XSS) vulnerability in Microsoft Team Foundation Server (TFS) where input was not properly sanitized. Connected CNVD data specifies affected software as Microsoft Team Foundation Server 2018 Update version 3.2, with the root cause being failure to properly ...
CVE-2018-8529
CVE-2018-8529 : A remote code execution vulnerability exists in Team Foundation Server (TFS) where basic authorization is not enabled on the communication between TFS and the Search services. The underlying issue allows an attacker to execute commands on the Search service. Microsoft’s security u...
CVE-2019-0647
CVE-2019-0647 affects Microsoft Team Foundation Server (TFS) and stems from improper handling of variables marked as secret. An authenticated attacker could view other users’ hidden secret variables by creating a task group with a secret-containing task. Affected products include TFS 2017 Update ...