CVE-2019-0647
published 2019-01-17CVE-2019-0647: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server…
PriorityP335medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EPSS
4.61%
90.5th percentile
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | team | — | — |
| microsoft | team | — | — |
| microsoft | team | — | — |
| microsoft | team_foundation_server | — | — |
| microsoft | team_foundation_server | — | — |
| msrc | team_foundation_server_2017_update_3.1 | — | — |
| msrc | team_foundation_server_2018_update_1.2 | — | — |
| msrc | team_foundation_server_2018_update_3.2 | — | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v23r-27xv-r8wv: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation S
ghsa_unreviewed·2022-05-14
CVE-2019-0647 [MEDIUM] CWE-200 GHSA-v23r-27xv-r8wv: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation S
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
Microsoft
Team Foundation Server Information Disclosure Vulnerability
vendor_msrc·2019-01-08·CVSS 6.5
CVE-2019-0647 [MEDIUM] Team Foundation Server Information Disclosure Vulnerability
Team Foundation Server Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret. An authenticated attacker who successfully exploited this vulnerability could view variables that were hidden by other users.
To exploit the vulnerability, an authenticated attacker would need to create a task group with a task containing a secret variable.
The security update addresses the vulnerability by correcting how variables are handled.
FAQ: What version of Team Foundation Server is affected by this vulnerability?
References for Team Foundation Server 2017 Update 3
Identification
Last version of Team Foundation Server 2017 Update 3 affected by this vulnerability
Version 3.1
Fi
Suricata
GPL RPC portmap bootparam request UDP
suricata·2010-09-23
CVE-1999-0647 GPL RPC portmap bootparam request UDP
GPL RPC portmap bootparam request UDP
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap bootparam request UDP"; content:"|00 01 86 A0|"; depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 BA|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; reference:arachnids,16; reference:cve,1999-0647; classtype:rpc-portmap-decode; sid:2100577; rev:14; metadata:created_at 2010_09_23, cve CVE_1999_0647, signature_severity Informational, updated_at 2019_07_26;)
No public exploits indexed.
No writeups or analysis indexed.
2019-01-17
Published