Vulnerabilites related to Microsoft - Azure DevOps Server 2019 Update 1
CVE-2021-27067 (GCVE-0-2021-27067)
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Azure DevOps Server 2019.0.1 |
Version: 2019.0.0 < publication cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Azure DevOps Server 2019.0.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2019.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Team Foundation Server 2017 Update 3.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Team Foundation Server 2018 Update 1.2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Team Foundation Server 2018 Update 3.2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "3.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Team Foundation Server 2015 Update 4.2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "4.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Azure DevOps Server 2019 Update 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Azure DevOps Server 2019 Update 1.1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "1.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Azure DevOps Server 2020", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2020", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:20:58.637Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067", }, ], title: "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27067", datePublished: "2021-04-13T19:32:37", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-08-03T20:40:47.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1306 (GCVE-0-2019-1306)
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Team Foundation Server 2018 |
Version: Update 3.2 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Team Foundation Server 2018", vendor: "Microsoft", versions: [ { status: "affected", version: "Update 3.2", }, ], }, { product: "Azure DevOps Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019.0.1", }, ], }, { product: "Azure DevOps Server 2019 Update 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:25:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1306", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Team Foundation Server 2018", version: { version_data: [ { version_value: "Update 3.2", }, ], }, }, { product_name: "Azure DevOps Server", version: { version_data: [ { version_value: "2019.0.1", }, ], }, }, { product_name: "Azure DevOps Server 2019 Update 1", version: { version_data: [ { version_value: "", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1306", datePublished: "2019-09-11T21:25:01", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }