Microsoft Azure Devops Server vulnerabilities
33 known vulnerabilities affecting microsoft/azure_devops_server.
Total CVEs
33
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH9MEDIUM22
Vulnerabilities
Page 1 of 2
CVE-2026-21512MEDIUMCVSS 6.5fixed in 2022.2.0v2022.2.02026-02-10
CVE-2026-21512 [MEDIUM] CWE-918 CVE-2026-21512: Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform s
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
nvd
CVE-2024-20667HIGHCVSS 7.5v2019.1.2v2020.1.2+2 more2024-02-13
CVE-2024-20667 [HIGH] CWE-77 CVE-2024-20667: Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2023-36561HIGHCVSS 7.3v2020.0.2v2020.1.2+1 more2023-10-10
CVE-2023-36561 [HIGH] CWE-284 CVE-2023-36561: Azure DevOps Server Elevation of Privilege Vulnerability
Azure DevOps Server Elevation of Privilege Vulnerability
nvd
CVE-2023-33136HIGHCVSS 8.8v2019.0.1v2019.1.2+4 more2023-09-12
CVE-2023-33136 [HIGH] CWE-77 CVE-2023-33136: Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2023-38155HIGHCVSS 8.1v2019.0.1v2019.1.2+4 more2023-09-12
CVE-2023-38155 [HIGH] CWE-502 CVE-2023-38155: Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2023-36869MEDIUMCVSS 6.3≥ 1.0.0, < 20230601.12023-08-08
CVE-2023-36869 [MEDIUM] CWE-79 Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
Azure DevOps Server Spoofing Vulnerability
cvelistv5
CVE-2023-21553HIGHCVSS 7.5v2020.1.22023-02-14
CVE-2023-21553 [HIGH] CWE-94 CVE-2023-21553: Azure DevOps Server Remote Code Execution Vulnerability
Azure DevOps Server Remote Code Execution Vulnerability
nvd
CVE-2023-21564HIGHCVSS 7.1v20222023-02-14
CVE-2023-21564 [HIGH] CWE-79 CVE-2023-21564: Azure DevOps Server Cross-Site Scripting Vulnerability
Azure DevOps Server Cross-Site Scripting Vulnerability
nvd
CVE-2021-27067MEDIUMCVSS 6.5v2019v2019.0.1+1 more2021-04-13
CVE-2021-27067 [MEDIUM] CVE-2021-27067: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
nvd
CVE-2020-17145MEDIUMCVSS 5.4v2019v2019.0.1+1 more2020-12-10
CVE-2020-17145 [MEDIUM] CVE-2020-17145: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
nvd
CVE-2020-1325MEDIUMCVSS 5.4v20192020-11-11
CVE-2020-1325 [MEDIUM] CVE-2020-1325: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
nvd
CVE-2020-1326MEDIUMCVSS 5.4v2019v2019.0.12020-07-14
CVE-2020-1326 [MEDIUM] CWE-79 CVE-2020-1326: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitiz
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
cvelistv5nvd
CVE-2020-1327MEDIUMCVSS 6.1v2019v2019.0.12020-06-09
CVE-2020-1327 [MEDIUM] CWE-79 CVE-2020-1327: A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle we
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
cvelistv5nvd
CVE-2020-0758HIGHCVSS 7.5v2019v2019.0.12020-03-12
CVE-2020-0758 [HIGH] CVE-2020-0758: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
cvelistv5nvd
CVE-2020-0815HIGHCVSS 7.5v20192020-03-12
CVE-2020-0815 [HIGH] CVE-2020-0815: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
nvd
CVE-2020-0700MEDIUMCVSS 5.4v2019.0.12020-03-12
CVE-2020-0700 [MEDIUM] CWE-79 CVE-2020-0700: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitiz
A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
cvelistv5nvd
CVE-2019-1306CRITICALCVSS 9.8v2019v2019.0.12019-09-11
CVE-2019-1306 [CRITICAL] CWE-20 CVE-2019-1306: A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Serv
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1305MEDIUMCVSS 5.4v2019.0.12019-09-11
CVE-2019-1305 [MEDIUM] CWE-79 CVE-2019-1305: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
cvelistv5nvd
CVE-2019-1072CRITICALCVSS 9.8v2019.0.12019-07-15
CVE-2019-1072 [CRITICAL] CWE-20 CVE-2019-1072: A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TF
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
cvelistv5nvd
CVE-2019-1076MEDIUMCVSS 5.4v2019.0.12019-07-15
CVE-2019-1076 [MEDIUM] CWE-79 CVE-2019-1076: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
cvelistv5nvd
1 / 2Next →