CVE-2023-33136

CWE-77 — Command Injection4 documents4 sources

Severity

8.8HIGH

EPSS

0.7%

top 28.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

5

Microsoft Azure Devops Server Microsoft Azure Devops Server 2019.0.1 Microsoft Azure Devops Server 2020.0.2 +2 more

Timeline

PublishedSep 12

Description

Azure DevOps Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/azure_devops_server1.0.0 — 20230825.1

▶CVEListV5microsoft/azure_devops_server_2019.0.12019.0.0 — 20230601.3

▶CVEListV5microsoft/azure_devops_server_2020.0.22020.0.0 — 20230820.2

▶CVEListV5microsoft/azure_devops_server_2020.1.22020.1.0 — 20230823.1

▶CVEListV5microsoft/azure_devops_server_2022.0.12022.0.0 — 20230825.4

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-rw46-pqg7-qwfj: Azure DevOps Server Remote Code Execution Vulnerability↗2023-09-12

▶

CVEList

Azure DevOps Server Remote Code Execution Vulnerability↗2023-09-12

▶

📋Vendor Advisories

1

Microsoft

Azure DevOps Server Remote Code Execution Vulnerability↗2023-09-12

▶

CVE-2023-33136 (HIGH CVSS 8.8) | Azure DevOps Server Remote Code Exe | cvebase.io