All the vulnerabilites related to Microsoft - Azure DevOps Server 2019 Update 1.1
cve-2020-1327
Vulnerability from cvelistv5
Published
2020-06-09 19:44
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:01.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:44:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1327",
"datePublished": "2020-06-09T19:44:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17135
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Azure DevOps Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T17:59:47.232Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17135",
"datePublished": "2020-12-09T23:36:51",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1325
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
EPSS score ?
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1325 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:00.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-10T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:52:08.814Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1325"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1325",
"datePublished": "2020-11-11T06:48:40",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-09-10T15:52:08.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0700
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
},
{
"status": "affected",
"version": "Update 1.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
},
{
"version_value": "Update 1.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0700",
"datePublished": "2020-03-12T15:48:04",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1326
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:00.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T22:54:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1326",
"datePublished": "2020-07-14T22:54:02",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:00.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27067
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T19:20:58.637Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27067",
"datePublished": "2021-04-13T19:32:37",
"dateReserved": "2021-02-10T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0815
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:27",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0758."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0815",
"datePublished": "2020-03-12T15:48:27",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0758
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0758",
"datePublished": "2020-03-12T15:48:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17145
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-12-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T18:00:10.267Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17145",
"datePublished": "2020-12-09T23:36:56",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2024-08-04T13:53:17.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}