Vulnerabilites related to Microsoft - Azure DevOps Server 2019 Update 1.1
CVE-2020-1326 (GCVE-0-2020-1326)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server |
Version: 2019.0.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:00.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T22:54:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1326",
"datePublished": "2020-07-14T22:54:02",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:00.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0815 (GCVE-0-2020-0815)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Version: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:27",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0815",
"datePublished": "2020-03-12T15:48:27",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0700 (GCVE-0-2020-0700)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server |
Version: 2019.0.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
},
{
"status": "affected",
"version": "Update 1.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
},
{
"version_value": "Update 1.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0700",
"datePublished": "2020-03-12T15:48:04",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1327 (GCVE-0-2020-1327)
Vulnerability from cvelistv5
Published
2020-06-09 19:44
Modified
2024-08-04 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server |
Version: 2019.0.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:01.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:44:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1327",
"datePublished": "2020-06-09T19:44:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17135 (GCVE-0-2020-17135)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Azure DevOps Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server 2019 Update 1.1 |
Version: 1.0 < publication cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T17:59:47.232Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17135",
"datePublished": "2020-12-09T23:36:51",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0758 (GCVE-0-2020-0758)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Team Foundation Server 2018 |
Version: Update 1.2 Version: Update 3.2 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0758",
"datePublished": "2020-03-12T15:48:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17145 (GCVE-0-2020-17145)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server 2019.0.1 |
Version: 2019.0.0 < publication cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T18:00:10.267Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17145",
"datePublished": "2020-12-09T23:36:56",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1325 (GCVE-0-2020-1325)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Version: 1.0 < publication cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:00.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-10T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:52:08.814Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1325"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1325",
"datePublished": "2020-11-11T06:48:40",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-10T15:52:08.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27067 (GCVE-0-2021-27067)
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Azure DevOps Server 2019.0.1 |
Version: 2019.0.0 < publication cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T19:20:58.637Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27067",
"datePublished": "2021-04-13T19:32:37",
"dateReserved": "2021-02-10T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}