CVE-2020-0815

CWE-269 — Improper Privilege Management10 documents5 sources

Severity

7.5HIGH

EPSS

5.4%

top 9.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Devops Server 2019 Update 1.1 Microsoft Azure Devops Server

Timeline

PublishedMar 12

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/azure_devops_server2019

▶CVEListV5microsoft/azure_devops_server_2019_update_1.1unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pg6g-7pwc-wmq6: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure↗2022-05-24

▶

CVEList

CVE-2020-0815: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability↗2020-03-10

▶

💬Community

Bugzilla

CVE-2020-6805 Mozilla: Use-after-free when removing data about origins↗2020-03-10

▶

Bugzilla

CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion↗2020-03-10

▶

Bugzilla

CVE-2020-6807 Mozilla: Use-after-free in cubeb during stream destruction↗2020-03-10

▶