Microsoft Azure Devops Server
24 CVEs affecting Microsoft Azure Devops Server. Latest disclosed: 2024-02-13. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-1306 | Critical | 9.8 | 2019-09-11 | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps… |
CVE-2019-1072 | Critical | 9.8 | 2019-07-15 | A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server a… |
CVE-2023-33136 | High | 8.8 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2024-20667 | High | 7.5 | 2024-02-13 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2020-0758 | High | 7.5 | 2020-03-12 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps S… |
CVE-2019-0875 | High | 7.5 | 2019-04-09 | An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation… |
CVE-2023-38155 | High | 7.0 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2019-0971 | Medium | 6.5 | 2019-05-16 | An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authe… |
CVE-2019-0857 | Medium | 6.5 | 2019-04-09 | A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azu… |
CVE-2023-36869 | Medium | 6.3 | 2023-08-08 | Azure DevOps Server Spoofing Vulnerability |
CVE-2020-1327 | Medium | 6.1 | 2020-06-09 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnera… |
CVE-2019-0874 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site… |
CVE-2019-0871 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure… |
CVE-2019-0870 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure… |
CVE-2019-0869 | Medium | 6.1 | 2019-04-09 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnera… |
CVE-2019-0868 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure… |
CVE-2019-0867 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure… |
CVE-2019-0866 | Medium | 6.1 | 2019-04-09 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure… |
CVE-2020-1326 | Medium | 5.4 | 2020-07-14 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site… |
CVE-2020-0700 | Medium | 5.4 | 2020-03-12 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site… |