Microsoft Azure_devops_server
40 CVEs affecting Microsoft Azure_devops_server. Latest disclosed: 2026-02-10. Critical: 2, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-1306 | Critical | 9.8 | 2019-09-11 | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps… |
CVE-2019-1072 | Critical | 9.8 | 2019-07-15 | A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server a… |
CVE-2023-33136 | High | 8.8 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2024-35267 | High | 7.6 | 2024-07-09 | Azure DevOps Server Spoofing Vulnerability |
CVE-2024-35266 | High | 7.6 | 2024-07-09 | Azure DevOps Server Spoofing Vulnerability |
CVE-2024-20667 | High | 7.5 | 2024-02-13 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2023-21553 | High | 7.5 | 2023-02-14 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2020-0815 | High | 7.5 | 2020-03-12 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps S… |
CVE-2020-0758 | High | 7.5 | 2020-03-12 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps S… |
CVE-2019-0875 | High | 7.5 | 2019-04-09 | An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation… |
CVE-2023-36561 | High | 7.3 | 2023-10-10 | Azure DevOps Server Elevation of Privilege Vulnerability |
CVE-2023-21565 | High | 7.1 | 2023-06-14 | Azure DevOps Server Spoofing Vulnerability |
CVE-2023-21564 | High | 7.1 | 2023-02-14 | Azure DevOps Server Cross-Site Scripting Vulnerability |
CVE-2023-38155 | High | 7.0 | 2023-09-12 | Azure DevOps Server Remote Code Execution Vulnerability |
CVE-2026-21512 | Medium | 6.5 | 2026-02-10 | Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. |
CVE-2023-21751 | Medium | 6.5 | 2023-12-14 | Azure DevOps Server Spoofing Vulnerability |
CVE-2021-27067 | Medium | 6.5 | 2021-04-13 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability |
CVE-2019-0996 | Medium | 6.5 | 2019-06-12 | A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery… |
CVE-2019-0971 | Medium | 6.5 | 2019-05-16 | An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authe… |
CVE-2019-0857 | Medium | 6.5 | 2019-04-09 | A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azu… |