Search criteria
34 vulnerabilities found for Team Foundation Server 2018 by Microsoft
CVE-2020-0758 (GCVE-0-2020-0758)
Vulnerability from cvelistv5 – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:11
VLAI?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
Severity ?
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 1.2
Affected: Update 3.2 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0758",
"datePublished": "2020-03-12T15:48:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0700 (GCVE-0-2020-0700)
Vulnerability from cvelistv5 – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:11
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Azure DevOps Server |
Affected:
2019.0.1
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
},
{
"status": "affected",
"version": "Update 1.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
},
{
"version_value": "Update 1.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0700",
"datePublished": "2020-03-12T15:48:04",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1306 (GCVE-0-2019-1306)
Vulnerability from cvelistv5 – Published: 2019-09-11 21:25 – Updated: 2024-08-04 18:13
VLAI?
Summary
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka \u0027Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka \u0027Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1306",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1305 (GCVE-0-2019-1305)
Vulnerability from cvelistv5 – Published: 2019-09-11 21:25 – Updated: 2024-08-04 18:13
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1305",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1076 (GCVE-0-2019-1076)
Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1076",
"datePublished": "2019-07-15T18:56:20",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1072 (GCVE-0-2019-1072)
Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
VLAI?
Summary
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2012 |
Affected:
Update 4
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4"
}
]
},
{
"product": "Team Foundation Server 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2010",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "SP1 (x86)"
},
{
"status": "affected",
"version": "SP1 (x64)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2012",
"version": {
"version_data": [
{
"version_value": "Update 4"
}
]
}
},
{
"product_name": "Team Foundation Server 2013 Update 5",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2010",
"version": {
"version_data": [
{
"version_value": "SP1 (x86)"
},
{
"version_value": "SP1 (x64)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1072",
"datePublished": "2019-07-15T18:56:20",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0971 (GCVE-0-2019-0971)
Vulnerability from cvelistv5 – Published: 2019-05-16 18:24 – Updated: 2024-08-04 18:06
VLAI?
Summary
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:29.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka \u0027Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka \u0027Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0971",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:29.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0979 (GCVE-0-2019-0979)
Vulnerability from cvelistv5 – Published: 2019-05-16 18:24 – Updated: 2024-08-04 18:06
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:29.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0979",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:29.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0872 (GCVE-0-2019-0872)
Vulnerability from cvelistv5 – Published: 2019-05-16 18:17 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:17:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0872",
"datePublished": "2019-05-16T18:17:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0871 (GCVE-0-2019-0871)
Vulnerability from cvelistv5 – Published: 2019-04-09 20:20 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:06",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0871",
"datePublished": "2019-04-09T20:20:34",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0870 (GCVE-0-2019-0870)
Vulnerability from cvelistv5 – Published: 2019-04-09 20:20 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:06",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0870",
"datePublished": "2019-04-09T20:20:34",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0866 (GCVE-0-2019-0866)
Vulnerability from cvelistv5 – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T22:06:03",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0866",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0868 (GCVE-0-2019-0868)
Vulnerability from cvelistv5 – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T22:06:03",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0868",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0867 (GCVE-0-2019-0867)
Vulnerability from cvelistv5 – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0867",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0777 (GCVE-0-2019-0777)
Vulnerability from cvelistv5 – Published: 2019-04-09 02:07 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 1.2
Affected: Update 3.2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:57.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T02:07:26",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0777",
"datePublished": "2019-04-09T02:07:26",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:57.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0758 (GCVE-0-2020-0758)
Vulnerability from nvd – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:11
VLAI?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
Severity ?
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 1.2
Affected: Update 3.2 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0758",
"datePublished": "2020-03-12T15:48:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0700 (GCVE-0-2020-0700)
Vulnerability from nvd – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:11
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Azure DevOps Server |
Affected:
2019.0.1
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
},
{
"status": "affected",
"version": "Update 1.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
},
{
"version_value": "Update 1.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0700",
"datePublished": "2020-03-12T15:48:04",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1306 (GCVE-0-2019-1306)
Vulnerability from nvd – Published: 2019-09-11 21:25 – Updated: 2024-08-04 18:13
VLAI?
Summary
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka \u0027Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka \u0027Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1306",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1305 (GCVE-0-2019-1305)
Vulnerability from nvd – Published: 2019-09-11 21:25 – Updated: 2024-08-04 18:13
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:13:30.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-11T21:25:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1305",
"datePublished": "2019-09-11T21:25:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:13:30.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1076 (GCVE-0-2019-1076)
Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1076",
"datePublished": "2019-07-15T18:56:20",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1072 (GCVE-0-2019-1072)
Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
VLAI?
Summary
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2012 |
Affected:
Update 4
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2012",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4"
}
]
},
{
"product": "Team Foundation Server 2013 Update 5",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2010",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "SP1 (x86)"
},
{
"status": "affected",
"version": "SP1 (x64)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:20",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2012",
"version": {
"version_data": [
{
"version_value": "Update 4"
}
]
}
},
{
"product_name": "Team Foundation Server 2013 Update 5",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2010",
"version": {
"version_data": [
{
"version_value": "SP1 (x86)"
},
{
"version_value": "SP1 (x64)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka \u0027Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1072",
"datePublished": "2019-07-15T18:56:20",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:31.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0971 (GCVE-0-2019-0971)
Vulnerability from nvd – Published: 2019-05-16 18:24 – Updated: 2024-08-04 18:06
VLAI?
Summary
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:29.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka \u0027Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka \u0027Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0971",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:29.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0979 (GCVE-0-2019-0979)
Vulnerability from nvd – Published: 2019-05-16 18:24 – Updated: 2024-08-04 18:06
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:29.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:24:57",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0872."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0979",
"datePublished": "2019-05-16T18:24:57",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T18:06:29.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0872 (GCVE-0-2019-0872)
Vulnerability from nvd – Published: 2019-05-16 18:17 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-16T18:17:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0872"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0872",
"datePublished": "2019-05-16T18:17:01",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0871 (GCVE-0-2019-0871)
Vulnerability from nvd – Published: 2019-04-09 20:20 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:06",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0871"
},
{
"name": "107755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0871",
"datePublished": "2019-04-09T20:20:34",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0870 (GCVE-0-2019-0870)
Vulnerability from nvd – Published: 2019-04-09 20:20 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:06",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0870"
},
{
"name": "107754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0870",
"datePublished": "2019-04-09T20:20:34",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0866 (GCVE-0-2019-0866)
Vulnerability from nvd – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Team Foundation Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T22:06:03",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Team Foundation Server 2015",
"version": {
"version_data": [
{
"version_value": "Update 4.2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0866"
},
{
"name": "107749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0866",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0868 (GCVE-0-2019-0868)
Vulnerability from nvd – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server |
Affected:
2017 Update 3.1
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T22:06:03",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0868"
},
{
"name": "107753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0868",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0867 (GCVE-0-2019-0867)
Vulnerability from nvd – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 3.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T21:06:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka \u0027Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability\u0027. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0867"
},
{
"name": "107752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0867",
"datePublished": "2019-04-09T20:19:48",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0777 (GCVE-0-2019-0777)
Vulnerability from nvd – Published: 2019-04-09 02:07 – Updated: 2024-08-04 17:58
VLAI?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Team Foundation Server 2018 |
Affected:
Update 1.2
Affected: Update 3.2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:57.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T02:07:26",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka \u0027Team Foundation Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0777",
"datePublished": "2019-04-09T02:07:26",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:57.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}