CVE-2019-0875 — Microsoft Azure Devops Server vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server

Timeline

PublishedApr 9

Latest updateMay 13

Description

An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5microsoft/azure_devops_server2019

▶NVDmicrosoft/azure_devops_server2019

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwff-g9gp-9fjw: An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server E↗2022-05-13

▶

CVEList

CVE-2019-0875: An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server E↗2019-04-09

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server Elevation of Privilege Vulnerability↗2019-04-09

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Accusoft ImageGear PNG IHDR width code execution vulnerability↗2019-12-02

▶