← Back

CVE-2023-33136

nvd nist
Published: Sep 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: secure@microsoft.com (Secondary)

Description

Azure DevOps Server Remote Code Execution Vulnerability

Affected (5)

Microsoft
1 product
Azure Devops Server
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Azure Devops Server
Version 2019.0.1
Azure Devops Server
Version 2019.1.2
Azure Devops Server
Version 2020.0.2
Azure Devops Server
Version 2020.1.2
Azure Devops Server
Version 2022.0.1

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.