CVE-2019-0647
Severity
6.5MEDIUM
EPSS
12.0%
top 6.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 17
Latest updateMay 14
Description
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
▶CVEListV5microsoft/teamFoundation Server 2017 Update 3.1, Foundation Server 2018 Update 1.2, Foundation Server 2018 Update 3.2+2
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-v23r-27xv-r8wv: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation S↗2022-05-14
CVEList▶
CVE-2019-0647: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation S↗2019-01-17