CVE-2019-0971

CWE-1166 documents6 sources

Severity

6.5MEDIUM

EPSS

10.1%

top 6.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server Microsoft Team Foundation Server 2018 Microsoft Team Foundation Server

Timeline

PublishedMay 16

Latest updateMay 24

Description

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5microsoft/azure_devops_server2019

▶NVDmicrosoft/azure_devops_server2019

▶NVDmicrosoft/team_foundation_server2018

▶CVEListV5microsoft/team_foundation_server_2018Update 3.2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-858j-7757-pwv6: An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially craf↗2022-05-24

▶

CVEList

CVE-2019-0971: An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially craf↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability↗2019-05-14

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver↗2020-06-24

▶

💬Community

Bugzilla

CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116↗2019-02-07

▶