All the vulnerabilites related to Microsoft - Azure DevOps Server 2019
cve-2019-0996
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2025-05-20 17:50
Severity ?
EPSS score ?
Summary
Azure DevOps Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0996 | vendor-advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Microsoft | Azure DevOps Server 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:azure_devops_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user.\nTo exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.\nThe update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:50:02.804Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure DevOps Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0996"
}
],
"title": "Azure DevOps Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0996",
"datePublished": "2019-06-12T13:49:39",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2025-05-20T17:50:02.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1326
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:00.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T22:54:02",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1326",
"datePublished": "2020-07-14T22:54:02",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:00.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0758
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1.2"
},
{
"status": "affected",
"version": "Update 3.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:05",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 1.2"
},
{
"version_value": "Update 3.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka \u0027Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-0815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0758",
"datePublished": "2020-03-12T15:48:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-0700
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Team Foundation Server 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 3.2"
},
{
"status": "affected",
"version": "Update 1.2"
}
]
},
{
"product": "Team Foundation Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 Update 3.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Team Foundation Server 2018",
"version": {
"version_data": [
{
"version_value": "Update 3.2"
},
{
"version_value": "Update 1.2"
}
]
}
},
{
"product_name": "Team Foundation Server",
"version": {
"version_data": [
{
"version_value": "2017 Update 3.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka \u0027Azure DevOps Server Cross-site Scripting Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0700",
"datePublished": "2020-03-12T15:48:04",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1327
Vulnerability from cvelistv5
Published
2020-06-09 19:44
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:32:01.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure DevOps Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019.0.1"
}
]
},
{
"product": "Azure DevOps Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Update 1"
}
]
},
{
"product": "Azure DevOps Server 2019 Update 1.1",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T19:44:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure DevOps Server",
"version": {
"version_data": [
{
"version_value": "2019.0.1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019",
"version": {
"version_data": [
{
"version_value": "Update 1"
}
]
}
},
{
"product_name": "Azure DevOps Server 2019 Update 1.1",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka \u0027Azure DevOps Server HTML Injection Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1327",
"datePublished": "2020-06-09T19:44:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:32:01.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}