Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for Azure DevOps Server 2019.0.1 by Microsoft

    CVE-2023-38155 (GCVE-0-2023-38155)

    Vulnerability from nvd – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:18
    VLAI
    Title
    Azure DevOps Server Remote Code Execution Vulnerability
    Summary
    Azure DevOps Server Remote Code Execution Vulnerability
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Date Public
    2023-09-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.4",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230823.1",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.0.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230820.2",
                  "status": "affected",
                  "version": "2020.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.4",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230823.1",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230820.2",
                      "versionStartIncluding": "2020.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-09-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T18:18:06.568Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
            }
          ],
          "title": "Azure DevOps Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-38155",
        "datePublished": "2023-09-12T16:58:37.646Z",
        "dateReserved": "2023-07-12T23:41:45.861Z",
        "dateUpdated": "2025-10-30T18:18:06.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33136 (GCVE-0-2023-33136)

    Vulnerability from nvd – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
    VLAI
    Title
    Azure DevOps Server Remote Code Execution Vulnerability
    Summary
    Azure DevOps Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Date Public
    2023-09-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T20:13:06.923996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T20:13:09.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.005Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.0.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230820.2",
                  "status": "affected",
                  "version": "2020.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230823.1",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.4",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230820.2",
                      "versionStartIncluding": "2020.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230823.1",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.4",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-09-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T18:17:40.891Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
            }
          ],
          "title": "Azure DevOps Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33136",
        "datePublished": "2023-09-12T16:58:34.967Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-10-30T18:17:40.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36869 (GCVE-0-2023-36869)

    Vulnerability from nvd – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59
    VLAI
    Title
    Azure DevOps Server Spoofing Vulnerability
    Summary
    Azure DevOps Server Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2023-08-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T17:06:43.487941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T17:07:00.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.841Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230602.5",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230721.6",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230602.5",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230721.6",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:59:07.427Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
            }
          ],
          "title": "Azure DevOps Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36869",
        "datePublished": "2023-08-08T17:08:19.962Z",
        "dateReserved": "2023-06-27T20:26:38.144Z",
        "dateUpdated": "2025-01-01T01:59:07.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27067 (GCVE-0-2021-27067)

    Vulnerability from nvd – Published: 2021-04-13 19:32 – Updated: 2024-08-03 20:40
    VLAI
    Title
    Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
    Summary
    Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Azure DevOps Server 2019.0.1 Affected: 2019.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2017 Update 3.1 Affected: 3.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2018 Update 1.2 Affected: 1.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2018 Update 3.2 Affected: 3.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2015 Update 4.2 Affected: 4.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019 Update 1 Affected: 0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019 Update 1.1 Affected: 1.0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2020 Affected: 2020 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-04-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2017 Update 3.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2018 Update 1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2018 Update 3.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2015 Update 4.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019 Update 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2020",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T19:20:58.637Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
            }
          ],
          "title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-27067",
        "datePublished": "2021-04-13T19:32:37.000Z",
        "dateReserved": "2021-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-17145 (GCVE-0-2020-17145)

    Vulnerability from nvd – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:08
    VLAI
    Title
    Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
    Summary
    Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Date Public
    2020-12-08 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:17.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2020",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2020",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2015 Update 4.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2017 Update 3.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2018 Update 1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2018 Update 3.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2017:*:3.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:1.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:3.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2015:*:4.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2020:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2020",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2020-12-08T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:08:15.700Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17145"
            }
          ],
          "title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-17145",
        "datePublished": "2020-12-09T23:36:56.000Z",
        "dateReserved": "2020-08-04T00:00:00.000Z",
        "dateUpdated": "2026-06-09T18:08:15.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-17135 (GCVE-0-2020-17135)

    Vulnerability from nvd – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:07
    VLAI
    Title
    Azure DevOps Server Spoofing Vulnerability
    Summary
    Azure DevOps Server Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Azure DevOps Server 2019 Update 1.1 Affected: 1.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019.0.1 Affected: 2019.0.0 , < publication (custom)
    Create a notification for this product.
    Date Public
    2020-12-08 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:17.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2020-12-08T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:07:52.298Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17135"
            }
          ],
          "title": "Azure DevOps Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-17135",
        "datePublished": "2020-12-09T23:36:51.000Z",
        "dateReserved": "2020-08-04T00:00:00.000Z",
        "dateUpdated": "2026-06-09T18:07:52.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-38155 (GCVE-0-2023-38155)

    Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:18
    VLAI
    Title
    Azure DevOps Server Remote Code Execution Vulnerability
    Summary
    Azure DevOps Server Remote Code Execution Vulnerability
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Date Public
    2023-09-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:30:14.065Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.4",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230823.1",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.0.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230820.2",
                  "status": "affected",
                  "version": "2020.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.4",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230823.1",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230820.2",
                      "versionStartIncluding": "2020.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-09-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T18:18:06.568Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
            }
          ],
          "title": "Azure DevOps Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-38155",
        "datePublished": "2023-09-12T16:58:37.646Z",
        "dateReserved": "2023-07-12T23:41:45.861Z",
        "dateUpdated": "2025-10-30T18:18:06.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33136 (GCVE-0-2023-33136)

    Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
    VLAI
    Title
    Azure DevOps Server Remote Code Execution Vulnerability
    Summary
    Azure DevOps Server Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Date Public
    2023-09-12 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T20:13:06.923996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T20:13:09.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.005Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.0.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230820.2",
                  "status": "affected",
                  "version": "2020.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230823.1",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230825.4",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230820.2",
                      "versionStartIncluding": "2020.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230823.1",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230825.4",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-09-12T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-30T18:17:40.891Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
            }
          ],
          "title": "Azure DevOps Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33136",
        "datePublished": "2023-09-12T16:58:34.967Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-10-30T18:17:40.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36869 (GCVE-0-2023-36869)

    Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-01-01 01:59
    VLAI
    Title
    Azure DevOps Server Spoofing Vulnerability
    Summary
    Azure DevOps Server Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2023-08-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T17:06:43.487941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T17:07:00.868Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.841Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure DevOps Server Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020.1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230601.3",
                  "status": "affected",
                  "version": "2020.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2022.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230602.5",
                  "status": "affected",
                  "version": "2022.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "20230721.6",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.1",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230601.3",
                      "versionStartIncluding": "2020.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "20230602.5",
                      "versionStartIncluding": "2022.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "20230721.6",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-08-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:59:07.427Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
            }
          ],
          "title": "Azure DevOps Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36869",
        "datePublished": "2023-08-08T17:08:19.962Z",
        "dateReserved": "2023-06-27T20:26:38.144Z",
        "dateUpdated": "2025-01-01T01:59:07.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27067 (GCVE-0-2021-27067)

    Vulnerability from cvelistv5 – Published: 2021-04-13 19:32 – Updated: 2024-08-03 20:40
    VLAI
    Title
    Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
    Summary
    Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Azure DevOps Server 2019.0.1 Affected: 2019.0.0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2017 Update 3.1 Affected: 3.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2018 Update 1.2 Affected: 1.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2018 Update 3.2 Affected: 3.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Team Foundation Server 2015 Update 4.2 Affected: 4.0 , < publication (custom)
        cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019 Update 1 Affected: 0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019 Update 1.1 Affected: 1.0 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Azure DevOps Server 2020 Affected: 2020 , < publication (custom)
        cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-04-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2017:3.1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2017 Update 3.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2018:1.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2018 Update 1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2018:3.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2018 Update 3.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:team_foundation_server:2015:4.2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Team Foundation Server 2015 Update 4.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019 Update 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:o:microsoft:azure_devops_server:2020:-:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure DevOps Server 2020",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2020",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-04-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T19:20:58.637Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27067"
            }
          ],
          "title": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-27067",
        "datePublished": "2021-04-13T19:32:37.000Z",
        "dateReserved": "2021-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-17145 (GCVE-0-2020-17145)

    Vulnerability from cvelistv5 – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:08
    VLAI
    Title
    Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
    Summary
    Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Date Public
    2020-12-08 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:17.076Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2020",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2020",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2015 Update 4.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2017 Update 3.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2018 Update 1.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Team Foundation Server 2018 Update 3.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2017:*:3.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:1.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2018:*:3.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:team_foundation_server_2015:*:4.2:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2020:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2020",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2020-12-08T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:08:15.700Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17145"
            }
          ],
          "title": "Azure DevOps Server and Team Foundation Services Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-17145",
        "datePublished": "2020-12-09T23:36:56.000Z",
        "dateReserved": "2020-08-04T00:00:00.000Z",
        "dateUpdated": "2026-06-09T18:08:15.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-17135 (GCVE-0-2020-17135)

    Vulnerability from cvelistv5 – Published: 2020-12-09 23:36 – Updated: 2026-06-09 18:07
    VLAI
    Title
    Azure DevOps Server Spoofing Vulnerability
    Summary
    Azure DevOps Server Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Azure DevOps Server 2019 Update 1.1 Affected: 1.0 , < publication (custom)
    Create a notification for this product.
    Microsoft Azure DevOps Server 2019.0.1 Affected: 2019.0.0 , < publication (custom)
    Create a notification for this product.
    Date Public
    2020-12-08 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:53:17.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure DevOps Server 2019 Update 1.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure DevOps Server 2019.0.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2019.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:update1.1:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_devops_server_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "publication",
                      "versionStartIncluding": "2019.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2020-12-08T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure DevOps Server Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:07:52.298Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure DevOps Server Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17135"
            }
          ],
          "title": "Azure DevOps Server Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-17135",
        "datePublished": "2020-12-09T23:36:51.000Z",
        "dateReserved": "2020-08-04T00:00:00.000Z",
        "dateUpdated": "2026-06-09T18:07:52.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }