CVE-2020-17145Improper Input Validation in Microsoft Azure Devops Server 2019.0.1

CWE-20Improper Input Validation4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.5%
top 32.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Azure Devops Server 2019.0.1Microsoft Azure Devops Server 2019 Update 1.1Microsoft Azure Devops Server 2020+6 more
Timeline
PublishedDec 10
Latest updateMay 24

Description

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages9 packages

CVEListV5microsoft/azure_devops_server_20202020publication
CVEListV5microsoft/azure_devops_server_2019.0.12019.0.0publication
CVEListV5microsoft/azure_devops_server_2019_update_1.11.0publication

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-8frx-3j37-5wj8: , aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulnerability'2022-05-24
CVEList
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability2020-12-09

📋Vendor Advisories

1
Microsoft
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability2020-12-08
CVE-2020-17145 — Improper Input Validation in Microsoft | cvebase