Microsoft Azure Devops Server 2019 Update 1.1 vulnerabilities

9 known vulnerabilities affecting microsoft/azure_devops_server_2019_update_1.1.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2021-27067MEDIUMCVSS 6.5≥ 1.0, < publication2021-04-13
CVE-2021-27067 [MEDIUM] CVE-2021-27067: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
cvelistv5nvd
CVE-2020-17145MEDIUMCVSS 5.4≥ 1.0, < publication2020-12-10
CVE-2020-17145 [MEDIUM] CVE-2020-17145: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
cvelistv5nvd
CVE-2020-17135MEDIUMCVSS 6.4≥ 1.0, < publication2020-12-09
CVE-2020-17135 [MEDIUM] Azure DevOps Server Spoofing Vulnerability Azure DevOps Server Spoofing Vulnerability Azure DevOps Server Spoofing Vulnerability
cvelistv5
CVE-2020-1325MEDIUMCVSS 5.4≥ 1.0, < publication2020-11-11
CVE-2020-1325 [MEDIUM] CVE-2020-1325: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
cvelistv5nvd
CVE-2020-1326MEDIUMCVSS 5.4vunspecified2020-07-14
CVE-2020-1326 [MEDIUM] CWE-79 CVE-2020-1326: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitiz A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
cvelistv5nvd
CVE-2020-1327MEDIUMCVSS 6.1vunspecified2020-06-09
CVE-2020-1327 [MEDIUM] CWE-79 CVE-2020-1327: A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle we A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.
cvelistv5nvd
CVE-2020-0758HIGHCVSS 7.5vunspecified2020-03-12
CVE-2020-0758 [HIGH] CVE-2020-0758: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.
cvelistv5nvd
CVE-2020-0815HIGHCVSS 7.5vunspecified2020-03-12
CVE-2020-0815 [HIGH] CVE-2020-0815: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
cvelistv5
CVE-2020-0700MEDIUMCVSS 5.4vunspecified2020-03-12
CVE-2020-0700 [MEDIUM] CWE-79 CVE-2020-0700: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitiz A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.
cvelistv5nvd