Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for Azure DevOps Server 2019.0.1 by Microsoft
CVE-2023-38155 (GCVE-0-2023-38155)
Vulnerability from nvd – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:18
VLAI
EPSS
VEX
Title
Azure DevOps Server Remote Code Execution Vulnerability
Summary
Azure DevOps Server Remote Code Execution Vulnerability
Severity
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230601.3
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230825.4
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230823.1
(custom)
|
|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230825.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.0.2 |
Affected:
2020.0.0 , < 20230820.2
(custom)
|
Date Public
2023-09-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.4",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230823.1",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230820.2",
"status": "affected",
"version": "2020.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.4",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230823.1",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230820.2",
"versionStartIncluding": "2020.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:18:06.568Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
}
],
"title": "Azure DevOps Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38155",
"datePublished": "2023-09-12T16:58:37.646Z",
"dateReserved": "2023-07-12T23:41:45.861Z",
"dateUpdated": "2025-10-30T18:18:06.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-33136 (GCVE-0-2023-33136)
Vulnerability from nvd – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
VLAI
EPSS
VEX
Title
Azure DevOps Server Remote Code Execution Vulnerability
Summary
Azure DevOps Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2020.0.2 |
Affected:
2020.0.0 , < 20230820.2
(custom)
|
|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230825.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230823.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230825.4
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230601.3
(custom)
|
Date Public
2023-09-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T20:13:06.923996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:13:09.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230820.2",
"status": "affected",
"version": "2020.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230823.1",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.4",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230820.2",
"versionStartIncluding": "2020.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230823.1",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.4",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:17:40.891Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
}
],
"title": "Azure DevOps Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33136",
"datePublished": "2023-09-12T16:58:34.967Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-10-30T18:17:40.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36869 (GCVE-0-2023-36869)
Vulnerability from nvd – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59
VLAI
EPSS
VEX
Title
Azure DevOps Server Spoofing Vulnerability
Summary
Azure DevOps Server Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230601.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230601.3
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230602.5
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230721.6
(custom)
|
Date Public
2023-08-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:06:43.487941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:07:00.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.5",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230721.6",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.5",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230721.6",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:07.427Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36869",
"datePublished": "2023-08-08T17:08:19.962Z",
"dateReserved": "2023-06-27T20:26:38.144Z",
"dateUpdated": "2025-01-01T01:59:07.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27067 (GCVE-0-2021-27067)
Vulnerability from nvd – Published: 2021-04-13 19:32 – Updated: 2024-08-03 20:40
VLAI
EPSS
VEX
Title
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Summary
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2017 Update 3.1 |
Affected:
3.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2018 Update 1.2 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2018 Update 3.2 |
Affected:
3.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2015 Update 4.2 |
Affected:
4.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2019 Update 1 |
Affected:
0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2020 |
Affected:
2020 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:* |
Date Public
2021-04-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T19:20:58.637Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27067",
"datePublished": "2021-04-13T19:32:37.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17145 (GCVE-0-2020-17145)
Vulnerability from nvd – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:08
VLAI
EPSS
VEX
Title
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2020 |
Affected:
2020 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2015 Update 4.2 |
Affected:
4.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2017 Update 3.1 |
Affected:
3.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2018 Update 1.2 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2018 Update 3.2 |
Affected:
3.0 , < publication
(custom)
|
Date Public
2020-12-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2017:*:3.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:1.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:3.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2015:*:4.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2020:*:-:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T18:08:15.700Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17145"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17145",
"datePublished": "2020-12-09T23:36:56.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2026-06-09T18:08:15.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-17135 (GCVE-0-2020-17135)
Vulnerability from nvd – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:07
VLAI
EPSS
VEX
Title
Azure DevOps Server Spoofing Vulnerability
Summary
Azure DevOps Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
|
Date Public
2020-12-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T18:07:52.298Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17135"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17135",
"datePublished": "2020-12-09T23:36:51.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2026-06-09T18:07:52.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-38155 (GCVE-0-2023-38155)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:18
VLAI
EPSS
VEX
Title
Azure DevOps Server Remote Code Execution Vulnerability
Summary
Azure DevOps Server Remote Code Execution Vulnerability
Severity
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230601.3
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230825.4
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230823.1
(custom)
|
|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230825.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.0.2 |
Affected:
2020.0.0 , < 20230820.2
(custom)
|
Date Public
2023-09-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.4",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230823.1",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230820.2",
"status": "affected",
"version": "2020.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.4",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230823.1",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230820.2",
"versionStartIncluding": "2020.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:18:06.568Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
}
],
"title": "Azure DevOps Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38155",
"datePublished": "2023-09-12T16:58:37.646Z",
"dateReserved": "2023-07-12T23:41:45.861Z",
"dateUpdated": "2025-10-30T18:18:06.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-33136 (GCVE-0-2023-33136)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
VLAI
EPSS
VEX
Title
Azure DevOps Server Remote Code Execution Vulnerability
Summary
Azure DevOps Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2020.0.2 |
Affected:
2020.0.0 , < 20230820.2
(custom)
|
|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230825.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230823.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230825.4
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230601.3
(custom)
|
Date Public
2023-09-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T20:13:06.923996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:13:09.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.0.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230820.2",
"status": "affected",
"version": "2020.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230823.1",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230825.4",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230820.2",
"versionStartIncluding": "2020.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230823.1",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230825.4",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:17:40.891Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
}
],
"title": "Azure DevOps Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-33136",
"datePublished": "2023-09-12T16:58:34.967Z",
"dateReserved": "2023-05-17T21:16:44.896Z",
"dateUpdated": "2025-10-30T18:17:40.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-36869 (GCVE-0-2023-36869)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59
VLAI
EPSS
VEX
Title
Azure DevOps Server Spoofing Vulnerability
Summary
Azure DevOps Server Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server |
Affected:
1.0.0 , < 20230601.1
(custom)
|
|
| Microsoft | Azure DevOps Server 2020.1.2 |
Affected:
2020.1.0 , < 20230601.3
(custom)
|
|
| Microsoft | Azure DevOps Server 2022.0.1 |
Affected:
2022.0.0 , < 20230602.5
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < 20230721.6
(custom)
|
Date Public
2023-08-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:06:43.487941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:07:00.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.1",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020.1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230601.3",
"status": "affected",
"version": "2020.1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2022.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230602.5",
"status": "affected",
"version": "2022.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "20230721.6",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.1",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230601.3",
"versionStartIncluding": "2020.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
"versionEndExcluding": "20230602.5",
"versionStartIncluding": "2022.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230721.6",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:07.427Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36869",
"datePublished": "2023-08-08T17:08:19.962Z",
"dateReserved": "2023-06-27T20:26:38.144Z",
"dateUpdated": "2025-01-01T01:59:07.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27067 (GCVE-0-2021-27067)
Vulnerability from cvelistv5 – Published: 2021-04-13 19:32 – Updated: 2024-08-03 20:40
VLAI
EPSS
VEX
Title
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Summary
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2017 Update 3.1 |
Affected:
3.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2018 Update 1.2 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2018 Update 3.2 |
Affected:
3.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:* |
|
| Microsoft | Team Foundation Server 2015 Update 4.2 |
Affected:
4.0 , < publication
(custom)
cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2019 Update 1 |
Affected:
0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:* |
|
| Microsoft | Azure DevOps Server 2020 |
Affected:
2020 , < publication
(custom)
cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:* |
Date Public
2021-04-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T19:20:58.637Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
}
],
"title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27067",
"datePublished": "2021-04-13T19:32:37.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17145 (GCVE-0-2020-17145)
Vulnerability from cvelistv5 – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:08
VLAI
EPSS
VEX
Title
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Summary
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2020 |
Affected:
2020 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2015 Update 4.2 |
Affected:
4.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2017 Update 3.1 |
Affected:
3.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2018 Update 1.2 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Team Foundation Server 2018 Update 3.2 |
Affected:
3.0 , < publication
(custom)
|
Date Public
2020-12-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2020",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2015 Update 4.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2017 Update 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2018 Update 1.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Team Foundation Server 2018 Update 3.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2017:*:3.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:1.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:3.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:team_foundation_server_2015:*:4.2:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2020:*:-:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2020",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T18:08:15.700Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17145"
}
],
"title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17145",
"datePublished": "2020-12-09T23:36:56.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2026-06-09T18:08:15.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-17135 (GCVE-0-2020-17135)
Vulnerability from cvelistv5 – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:07
VLAI
EPSS
VEX
Title
Azure DevOps Server Spoofing Vulnerability
Summary
Azure DevOps Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure DevOps Server 2019 Update 1.1 |
Affected:
1.0 , < publication
(custom)
|
|
| Microsoft | Azure DevOps Server 2019.0.1 |
Affected:
2019.0.0 , < publication
(custom)
|
Date Public
2020-12-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:17.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Azure DevOps Server 2019.0.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2019.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "2019.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure DevOps Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T18:07:52.298Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17135"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17135",
"datePublished": "2020-12-09T23:36:51.000Z",
"dateReserved": "2020-08-04T00:00:00.000Z",
"dateUpdated": "2026-06-09T18:07:52.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}