Azure Devops Server Microsoft Azure Devops Server

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Azure Devops Server.

Recent Microsoft Azure Devops Server Security Advisories

Advisory Title Published
CVE-2024-35267 CVE-2024-35267 Azure DevOps Server Spoofing Vulnerability July 9, 2024
CVE-2024-35266 CVE-2024-35266 Azure DevOps Server Spoofing Vulnerability July 9, 2024
CVE-2024-20667 Azure DevOps Server Remote Code Execution Vulnerability February 13, 2024
CVE-2023-21751 Azure DevOps Server Spoofing Vulnerability December 13, 2023
CVE-2023-36437 Azure DevOps Server Remote Code Execution Vulnerability November 14, 2023
CVE-2023-36561 Azure DevOps Server Elevation of Privilege Vulnerability October 10, 2023
CVE-2023-33136 Azure DevOps Server Remote Code Execution Vulnerability September 12, 2023
CVE-2023-38155 Azure DevOps Server Remote Code Execution Vulnerability September 12, 2023
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability August 8, 2023
CVE-2023-21565 Azure DevOps Server Spoofing Vulnerability June 13, 2023

By the Year

In 2025 there have been 0 vulnerabilities in Microsoft Azure Devops Server. Last year, in 2024 Azure Devops Server had 3 security vulnerabilities published. Right now, Azure Devops Server is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 3 7.57
2023 9 7.13
2022 0 0.00
2021 2 6.30
2020 8 6.14
2019 17 6.52
2018 0 0.00

It may take a day or so for new Azure Devops Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Azure Devops Server Security Vulnerabilities

Azure DevOps Server Spoofing Vulnerability

CVE-2024-35266 7.6 - High - July 09, 2024

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2024-35267 7.6 - High - July 09, 2024

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2024-20667 7.5 - High - February 13, 2024

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21751 6.5 - Medium - December 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Elevation of Privilege Vulnerability

CVE-2023-36561 7.3 - High - October 10, 2023

Azure DevOps Server Elevation of Privilege Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-33136 8.8 - High - September 12, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-38155 8.1 - High - September 12, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-36869 6.3 - Medium - August 08, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21569 5.5 - Medium - June 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21565 7.1 - High - June 14, 2023

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

CVE-2023-21553 7.5 - High - February 14, 2023

Azure DevOps Server Remote Code Execution Vulnerability

Azure DevOps Server Cross-Site Scripting Vulnerability

CVE-2023-21564 7.1 - High - February 14, 2023

Azure DevOps Server Cross-Site Scripting Vulnerability

XSS

Azure DevOps Server Spoofing Vulnerability

CVE-2021-28459 6.1 - Medium - April 13, 2021

Azure DevOps Server Spoofing Vulnerability

XSS

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

CVE-2021-27067 6.5 - Medium - April 13, 2021

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

CVE-2020-17145 5.4 - Medium - December 10, 2020

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2020-17135 6.4 - Medium - December 10, 2020

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

CVE-2020-1325 5.4 - Medium - November 11, 2020

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2020-1326 5.4 - Medium - July 14, 2020

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests

CVE-2020-1327 6.1 - Medium - June 09, 2020

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

Injection

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens

CVE-2020-0815 7.5 - High - March 12, 2020

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.

Improper Privilege Management

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens

CVE-2020-0758 7.5 - High - March 12, 2020

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.

Improper Privilege Management

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2020-0700 5.4 - Medium - March 12, 2020

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly

CVE-2019-1306 9.8 - Critical - September 11, 2019

A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.

Improper Input Validation

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input

CVE-2019-1305 5.4 - Medium - September 11, 2019

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input

CVE-2019-1076 5.4 - Medium - July 15, 2019

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.

XSS

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input

CVE-2019-1072 9.8 - Critical - July 15, 2019

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.

Improper Input Validation

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications

CVE-2019-0996 6.5 - Medium - June 12, 2019

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker who successfully exploited this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page. The update addresses the vulnerability by modifying how Azure DevOps Server protects application registration requests.

Session Riding

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server

CVE-2019-0971 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.

Output Sanitization

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0872 5.4 - Medium - May 16, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0979 5.4 - Medium - May 16, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872.

XSS

A spoofing vulnerability

CVE-2019-0857 6.5 - Medium - April 09, 2019

A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'.

Output Sanitization

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions

CVE-2019-0875 7.5 - High - April 09, 2019

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input

CVE-2019-0874 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0871 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0870 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871.

XSS

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests

CVE-2019-0869 6.1 - Medium - April 09, 2019

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0868 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0867 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.

XSS

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input

CVE-2019-0866 6.1 - Medium - April 09, 2019

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Azure Devops Server or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe