Azure Devops
by Microsoft
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21569 | 0.00 | — | 0.01 | Jun 13, 2023 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2023-21565 | 0.00 | — | 0.01 | Jun 13, 2023 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2023-21553 | 0.00 | — | 0.01 | Feb 14, 2023 | Azure DevOps Server Remote Code Execution Vulnerability | |||
| CVE-2021-28459 | 0.00 | — | 0.02 | Apr 13, 2021 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2020-17145 | 0.00 | — | 0.01 | Dec 9, 2020 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||
| CVE-2020-17135 | 0.00 | — | 0.01 | Dec 9, 2020 | Azure DevOps Server Spoofing Vulnerability | |||
| CVE-2020-1325 | 0.00 | — | 0.02 | Nov 11, 2020 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||
| CVE-2020-1326 | 0.00 | — | 0.02 | Jul 14, 2020 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||
| CVE-2020-1327 | 0.00 | — | 0.02 | Jun 9, 2020 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | |||
| CVE-2020-0815 | 0.00 | — | 0.02 | Mar 12, 2020 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758. | |||
| CVE-2020-0758 | 0.00 | — | 0.02 | Mar 12, 2020 | An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815. | |||
| CVE-2020-0700 | 0.00 | — | 0.01 | Mar 12, 2020 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||
| CVE-2019-1305 | 0.00 | — | 0.01 | Sep 11, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||
| CVE-2019-1076 | 0.00 | — | 0.02 | Jul 15, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||
| CVE-2019-0996 | 0.00 | — | 0.02 | Jun 12, 2019 | A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application… | |||
| CVE-2019-0979 | 0.00 | — | 0.02 | May 16, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872. | |||
| CVE-2019-0872 | 0.00 | — | 0.02 | May 16, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979. | |||
| CVE-2019-0875 | 0.00 | — | 0.03 | Apr 9, 2019 | An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'. | |||
| CVE-2019-0874 | 0.00 | — | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||
| CVE-2019-0870 | 0.00 | — | 0.02 | Apr 9, 2019 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,… |
- CVE-2023-21569Jun 13, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Spoofing Vulnerability
- CVE-2023-21565Jun 13, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Spoofing Vulnerability
- CVE-2023-21553Feb 14, 2023risk 0.00cvss —epss 0.01
Azure DevOps Server Remote Code Execution Vulnerability
- CVE-2021-28459Apr 13, 2021risk 0.00cvss —epss 0.02
Azure DevOps Server Spoofing Vulnerability
- CVE-2020-17145Dec 9, 2020risk 0.00cvss —epss 0.01
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
- CVE-2020-17135Dec 9, 2020risk 0.00cvss —epss 0.01
Azure DevOps Server Spoofing Vulnerability
- CVE-2020-1325Nov 11, 2020risk 0.00cvss —epss 0.02
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
- CVE-2020-1326Jul 14, 2020risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
- CVE-2020-1327Jun 9, 2020risk 0.00cvss —epss 0.02
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
- CVE-2020-0815Mar 12, 2020risk 0.00cvss —epss 0.02
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
- CVE-2020-0758Mar 12, 2020risk 0.00cvss —epss 0.02
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
- CVE-2020-0700Mar 12, 2020risk 0.00cvss —epss 0.01
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
- CVE-2019-1305Sep 11, 2019risk 0.00cvss —epss 0.01
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
- CVE-2019-1076Jul 15, 2019risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
- CVE-2019-0996Jun 12, 2019risk 0.00cvss —epss 0.02
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application…
- CVE-2019-0979May 16, 2019risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
- CVE-2019-0872May 16, 2019risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
- CVE-2019-0875Apr 9, 2019risk 0.00cvss —epss 0.03
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
- CVE-2019-0874Apr 9, 2019risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
- CVE-2019-0870Apr 9, 2019risk 0.00cvss —epss 0.02
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866,…
Page 2 of 3