Microsoft Azure Devops Server
Recent Microsoft Azure Devops Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability | November 14, 2023 |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | October 10, 2023 |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | September 12, 2023 |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | September 12, 2023 |
| CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | August 8, 2023 |
| CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | June 13, 2023 |
| CVE-2023-21569 | Azure DevOps Server Spoofing Vulnerability | June 13, 2023 |
| CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | February 14, 2023 |
By the Year
In 2023 there have been 8 vulnerabilities in Microsoft Azure Devops Server with an average score of 7.2 out of ten. Azure Devops Server did not have any published security vulnerabilities last year. That is, 8 more vulnerabilities have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 8 | 7.21 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 6.30 |
| 2020 | 8 | 6.01 |
| 2019 | 17 | 6.52 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Azure Devops Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Azure Devops Server Security Vulnerabilities
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36561
7.3 - High
- October 10, 2023
Azure DevOps Server Elevation of Privilege Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-33136
8.8 - High
- September 12, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-38155
8.1 - High
- September 12, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-36869
6.3 - Medium
- August 08, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-21565
7.1 - High
- June 14, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-21569
5.5 - Medium
- June 14, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-21553
7.5 - High
- February 14, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Cross-Site Scripting Vulnerability
CVE-2023-21564
7.1 - High
- February 14, 2023
Azure DevOps Server Cross-Site Scripting Vulnerability
XSS
Azure DevOps Server Spoofing Vulnerability
CVE-2021-28459
6.1 - Medium
- April 13, 2021
Azure DevOps Server Spoofing Vulnerability
XSS
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067
6.5 - Medium
- April 13, 2021
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Information Disclosure
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-17145
5.4 - Medium
- December 10, 2020
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Improper Input Validation
Azure DevOps Server Spoofing Vulnerability
CVE-2020-17135
5.4 - Medium
- December 10, 2020
Azure DevOps Server Spoofing Vulnerability
Improper Input Validation
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-1325
5.4 - Medium
- November 11, 2020
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2020-1326
5.4 - Medium
- July 14, 2020
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests
CVE-2020-1327
6.1 - Medium
- June 09, 2020
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
Injection
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2020-0700
5.4 - Medium
- March 12, 2020
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens
CVE-2020-0815
7.5 - High
- March 12, 2020
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
Improper Privilege Management
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens
CVE-2020-0758
7.5 - High
- March 12, 2020
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
Improper Privilege Management
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly
CVE-2019-1306
9.8 - Critical
- September 11, 2019
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Improper Input Validation
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input
CVE-2019-1305
5.4 - Medium
- September 11, 2019
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input
CVE-2019-1076
5.4 - Medium
- July 15, 2019
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
XSS
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input
CVE-2019-1072
9.8 - Critical
- July 15, 2019
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Improper Input Validation
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications
CVE-2019-0996
6.5 - Medium
- June 12, 2019
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'.
Session Riding
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0979
5.4 - Medium
- May 16, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
XSS
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server
CVE-2019-0971
6.5 - Medium
- May 16, 2019
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.
Output Sanitization
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0872
5.4 - Medium
- May 16, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0866
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
XSS
A spoofing vulnerability
CVE-2019-0857
6.5 - Medium
- April 09, 2019
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.
Output Sanitization
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0867
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0868
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.
XSS
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests
CVE-2019-0869
6.1 - Medium
- April 09, 2019
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0870
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0871
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2019-0874
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions
CVE-2019-0875
7.5 - High
- April 09, 2019
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Azure Devops Server or by Microsoft? Click the Watch button to subscribe.
