Azure Devops Server

azure_devops_server

Vendor: Microsoft • 40 CVEs

CVEs (40)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-0815 1Microsoft 1Azure Devops Server Nov 21, 2024 Mar 12, 2020 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vul...Show more An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.Show less
CVE-2020-0758 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Mar 12, 2020 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vul...Show more An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.Show less
CVE-2020-0700 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Mar 12, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
CVE-2019-1306 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Sep 11, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerabili...Show more A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.Show less
CVE-2019-1305 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Sep 11, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
CVE-2019-1076 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Jul 15, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
CVE-2019-1072 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Jul 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability...Show more A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.Show less
CVE-2019-0996 1Microsoft 1Azure Devops Server May 20, 2025 Jun 12, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability c...Show more A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page. The update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests.Show less
CVE-2019-0979 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 May 16, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.Show less
CVE-2019-0971 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 May 16, 2019 N/A· v4 6.5 MEDIUM· v3 9.0 HIGH· v2 An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Se...Show more An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.Show less
CVE-2019-0872 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 May 16, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.Show less
CVE-2019-0875 1Microsoft 1Azure Devops Server Nov 21, 2024 Apr 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
CVE-2019-0874 1Microsoft 1Azure Devops Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
CVE-2019-0871 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.Show less
CVE-2019-0870 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.Show less
CVE-2019-0869 1Microsoft 1Azure Devops Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
CVE-2019-0868 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.Show less
CVE-2019-0867 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.Show less
CVE-2019-0866 1Microsoft 2Azure Devops Server Team Foundation Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting...Show more A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.Show less
CVE-2019-0857 1Microsoft 1Azure Devops Server Nov 21, 2024 Apr 9, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.

Previous 12