Azure Devops Server Microsoft Azure Devops Server

Do you want an email whenever new security vulnerabilities are reported in Microsoft Azure Devops Server?

Recent Microsoft Azure Devops Server Security Advisories

Advisory Title Published
CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability February 13, 2024
CVE-2023-21751 Azure DevOps Server Spoofing Vulnerability December 13, 2023
CVE-2023-36437 Azure DevOps Server Remote Code Execution Vulnerability November 14, 2023
CVE-2023-36561 Azure DevOps Server Elevation of Privilege Vulnerability October 10, 2023
CVE-2023-33136 Azure DevOps Server Remote Code Execution Vulnerability September 12, 2023
CVE-2023-38155 Azure DevOps Server Remote Code Execution Vulnerability September 12, 2023
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability August 8, 2023
CVE-2023-21565 Azure DevOps Server Spoofing Vulnerability June 13, 2023
CVE-2023-21569 Azure DevOps Server Spoofing Vulnerability June 13, 2023
CVE-2023-21553 Azure DevOps Server Remote Code Execution Vulnerability February 14, 2023

By the Year

In 2024 there have been 1 vulnerability in Microsoft Azure Devops Server with an average score of 7.5 out of ten. Last year Azure Devops Server had 9 security vulnerabilities published. Right now, Azure Devops Server is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.37.

Year Vulnerabilities Average Score
2024 1 7.50
2023 9 7.13
2022 0 0.00
2021 2 6.30
2020 8 6.14
2019 17 6.52
2018 0 0.00

It may take a day or so for new Azure Devops Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Azure Devops Server Security Vulnerabilities

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20667 7.5 - High - February 13, 2024

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21751 6.5 - Medium - December 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Elevation of Privilege Vulnerability

CVE-2023-36561 7.3 - High - October 10, 2023

Azure DevOps Server Elevation of Privilege Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-33136 8.8 - High - September 12, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-38155 8.1 - High - September 12, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-36869 6.3 - Medium - August 08, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21565 7.1 - High - June 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21569 5.5 - Medium - June 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-21553 7.5 - High - February 14, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Cross-Site Scripting Vulnerability

CVE-2023-21564 7.1 - High - February 14, 2023

Azure DevOps Server Cross-Site Scripting Vulnerability

XSS

Azure DevOps Server Spoofing Vulnerability

CVE-2021-28459 6.1 - Medium - April 13, 2021

Azure DevOps Server Spoofing Vulnerability

XSS

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

CVE-2021-27067 6.5 - Medium - April 13, 2021

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

CVE-2020-17145 5.4 - Medium - December 10, 2020

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2020-17135 6.4 - Medium - December 10, 2020

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

CVE-2020-1325 5.4 - Medium - November 11, 2020

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2020-1326 5.4 - Medium - July 14, 2020

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests

CVE-2020-1327 6.1 - Medium - June 09, 2020

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

Injection

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens

CVE-2020-0758 7.5 - High - March 12, 2020

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.

Improper Privilege Management

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens

CVE-2020-0815 7.5 - High - March 12, 2020

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.

Improper Privilege Management

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2020-0700 5.4 - Medium - March 12, 2020

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly

CVE-2019-1306 9.8 - Critical - September 11, 2019

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.

Improper Input Validation

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input

CVE-2019-1305 5.4 - Medium - September 11, 2019

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input

CVE-2019-1076 5.4 - Medium - July 15, 2019

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

XSS

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input

CVE-2019-1072 9.8 - Critical - July 15, 2019

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Improper Input Validation

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications

CVE-2019-0996 6.5 - Medium - June 12, 2019

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'.

Session Riding

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0979 5.4 - Medium - May 16, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.

XSS

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server

CVE-2019-0971 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.

Output Sanitization

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0872 5.4 - Medium - May 16, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0866 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.

XSS

A spoofing vulnerability

CVE-2019-0857 6.5 - Medium - April 09, 2019

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.

Output Sanitization

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0867 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0868 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.

XSS

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests

CVE-2019-0869 6.1 - Medium - April 09, 2019

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0870 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0871 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2019-0874 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions

CVE-2019-0875 7.5 - High - April 09, 2019

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Azure Devops Server or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe