Vulnerability in Microsoft Azure Devops Server
CVE-2020-0758
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This C…
EPSS: 0.020 (78.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Azure Devops Server — versions 2019.0.1
- Microsoft Azure_devops_server — versions 2019, 2019.0.1
- Microsoft Azure Devops Server 2019 — versions Update 1
- Microsoft Azure Devops Server 2019 Update 1.1 — versions unspecified
- Microsoft Team Foundation Server — versions 2017 Update 3.1
- Microsoft Team_foundation_server — versions 2017, 2018
- Microsoft Team Foundation Server 2018 — versions Update 1.2, Update 3.2
References
- secure@microsoft.com (Patch, x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-0758?
- CVE-2020-0758 is a high-severity vulnerability in Microsoft Azure Devops Server. CVSS score: 7.5/10. Published 2020-03-12.
- How severe is CVE-2020-0758?
- High severity. CVSS v3 base score is 7.5 out of 10.