Azure DevOps Server
by Microsoft
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-36437 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | ||
| CVE-2023-33136 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | ||
| CVE-2023-21553 | Hig | 0.49 | 7.5 | 0.01 | Feb 14, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | ||
| CVE-2020-0815 | Hig | 0.49 | 7.5 | 0.02 | Mar 12, 2020 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758. | ||
| CVE-2020-0758 | Hig | 0.49 | 7.5 | 0.02 | Mar 12, 2020 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815. | ||
| CVE-2023-36561 | Hig | 0.48 | 7.3 | 0.01 | Oct 10, 2023 | Azure DevOps Server Elevation of Privilege Vulnerability | ||
| CVE-2023-38155 | Hig | 0.46 | 7.0 | 0.01 | Sep 12, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | ||
| CVE-2023-21565 | Hig | 0.46 | 7.1 | 0.01 | Jun 14, 2023 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2023-21564 | Hig | 0.46 | 7.1 | 0.01 | Feb 14, 2023 | Azure DevOps Server Cross-Site Scripting Vulnerability | ||
| CVE-2023-21751 | Med | 0.42 | 6.5 | 0.01 | Dec 14, 2023 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2021-27067 | Med | 0.42 | 6.5 | 0.03 | Apr 13, 2021 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | ||
| CVE-2020-17135 | Med | 0.42 | 6.4 | 0.01 | Dec 10, 2020 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2023-36869 | Med | 0.41 | 6.3 | 0.01 | Aug 8, 2023 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2021-28459 | Med | 0.40 | 6.1 | 0.02 | Apr 13, 2021 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2020-1327 | Med | 0.40 | 6.1 | 0.02 | Jun 9, 2020 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | ||
| CVE-2023-21569 | Med | 0.36 | 5.5 | 0.01 | Jun 14, 2023 | Azure DevOps Server Spoofing Vulnerability | ||
| CVE-2020-17145 | Med | 0.35 | 5.4 | 0.01 | Dec 10, 2020 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||
| CVE-2020-1325 | Med | 0.35 | 5.4 | 0.02 | Nov 11, 2020 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | ||
| CVE-2020-1326 | Med | 0.35 | 5.4 | 0.02 | Jul 14, 2020 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. |
- risk 0.57cvss 8.8epss 0.02
Azure DevOps Server Remote Code Execution Vulnerability
- risk 0.57cvss 8.8epss 0.02
Azure DevOps Server Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.01
Azure DevOps Server Remote Code Execution Vulnerability
- risk 0.49cvss 7.5epss 0.02
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
- risk 0.49cvss 7.5epss 0.02
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
- risk 0.48cvss 7.3epss 0.01
Azure DevOps Server Elevation of Privilege Vulnerability
- risk 0.46cvss 7.0epss 0.01
Azure DevOps Server Remote Code Execution Vulnerability
- risk 0.46cvss 7.1epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.46cvss 7.1epss 0.01
Azure DevOps Server Cross-Site Scripting Vulnerability
- risk 0.42cvss 6.5epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.42cvss 6.5epss 0.03
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
- risk 0.42cvss 6.4epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.41cvss 6.3epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.02
Azure DevOps Server Spoofing Vulnerability
- risk 0.40cvss 6.1epss 0.02
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
- risk 0.36cvss 5.5epss 0.01
Azure DevOps Server Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.01
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.02
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
- risk 0.35cvss 5.4epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.