Microsoft Azure Devops Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Azure Devops Server.
Recent Microsoft Azure Devops Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-35267 | CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability | July 9, 2024 |
| CVE-2024-35266 | CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability | July 9, 2024 |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | February 13, 2024 |
| CVE-2023-21751 | Azure DevOps Server Spoofing Vulnerability | December 13, 2023 |
| CVE-2023-36437 | Azure DevOps Server Remote Code Execution Vulnerability | November 14, 2023 |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | October 10, 2023 |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | September 12, 2023 |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | September 12, 2023 |
| CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | August 8, 2023 |
| CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | June 13, 2023 |
By the Year
In 2025 there have been 0 vulnerabilities in Microsoft Azure Devops Server. Last year, in 2024 Azure Devops Server had 3 security vulnerabilities published. Right now, Azure Devops Server is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 3 | 7.57 |
| 2023 | 9 | 7.13 |
| 2022 | 0 | 0.00 |
| 2021 | 2 | 6.30 |
| 2020 | 8 | 6.14 |
| 2019 | 17 | 6.52 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Azure Devops Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Azure Devops Server Security Vulnerabilities
Azure DevOps Server Spoofing Vulnerability
CVE-2024-35266
7.6 - High
- July 09, 2024
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2024-35267
7.6 - High
- July 09, 2024
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2024-20667
7.5 - High
- February 13, 2024
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-21751
6.5 - Medium
- December 14, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36561
7.3 - High
- October 10, 2023
Azure DevOps Server Elevation of Privilege Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-33136
8.8 - High
- September 12, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-38155
8.1 - High
- September 12, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-36869
6.3 - Medium
- August 08, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-21569
5.5 - Medium
- June 14, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2023-21565
7.1 - High
- June 14, 2023
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-21553
7.5 - High
- February 14, 2023
Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Cross-Site Scripting Vulnerability
CVE-2023-21564
7.1 - High
- February 14, 2023
Azure DevOps Server Cross-Site Scripting Vulnerability
XSS
Azure DevOps Server Spoofing Vulnerability
CVE-2021-28459
6.1 - Medium
- April 13, 2021
Azure DevOps Server Spoofing Vulnerability
XSS
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
CVE-2021-27067
6.5 - Medium
- April 13, 2021
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-17145
5.4 - Medium
- December 10, 2020
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
CVE-2020-17135
6.4 - Medium
- December 10, 2020
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-1325
5.4 - Medium
- November 11, 2020
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2020-1326
5.4 - Medium
- July 14, 2020
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests
CVE-2020-1327
6.1 - Medium
- June 09, 2020
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
Injection
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens
CVE-2020-0815
7.5 - High
- March 12, 2020
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
Improper Privilege Management
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens
CVE-2020-0758
7.5 - High
- March 12, 2020
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
Improper Privilege Management
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2020-0700
5.4 - Medium
- March 12, 2020
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly
CVE-2019-1306
9.8 - Critical
- September 11, 2019
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Improper Input Validation
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input
CVE-2019-1305
5.4 - Medium
- September 11, 2019
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input
CVE-2019-1076
5.4 - Medium
- July 15, 2019
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
XSS
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input
CVE-2019-1072
9.8 - Critical
- July 15, 2019
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
Improper Input Validation
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications
CVE-2019-0996
6.5 - Medium
- June 12, 2019
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page. The update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests.
Session Riding
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server
CVE-2019-0971
6.5 - Medium
- May 16, 2019
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.
Output Sanitization
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0872
5.4 - Medium
- May 16, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0979
5.4 - Medium
- May 16, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.
XSS
A spoofing vulnerability
CVE-2019-0857
6.5 - Medium
- April 09, 2019
A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.
Output Sanitization
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions
CVE-2019-0875
7.5 - High
- April 09, 2019
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input
CVE-2019-0874
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0871
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0870
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.
XSS
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests
CVE-2019-0869
6.1 - Medium
- April 09, 2019
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0868
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0867
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
XSS
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input
CVE-2019-0866
6.1 - Medium
- April 09, 2019
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Azure Devops Server or by Microsoft? Click the Watch button to subscribe.
