Msrc Team Foundation Server 2018 Update 1.2 vulnerabilities

CVE-2021-27067 [MEDIUM] Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Azure DevOps Server pipeline configuration variables and secrets. Azure DevOps: Azure DevOps Microsoft: Microsoft Impact: In

CVE-2020-17145 [MEDIUM] Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Azure DevOps: Azure DevOps Microsoft: Microsoft Customer Action Required: Yes Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Remediation: Release Notes Reference: https://aka.ms/azdev2019.0.1patch Reference

CVE-2020-0700 [MEDIUM] Azure DevOps Server Cross-site Scripting Vulnerability Azure DevOps Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page. The

CVE-2020-0758 [HIGH] Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first

CVE-2019-1305 [MEDIUM] Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised p

CVE-2019-1072 [CRITICAL] Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account. To exploit t

CVE-2019-0979 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0872 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0868 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0870 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0871 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0866 [MEDIUM] Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,

CVE-2019-0777 [MEDIUM] Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Description: A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised p

CVE-2019-0647 [MEDIUM] Team Foundation Server Information Disclosure Vulnerability Team Foundation Server Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret. An authenticated attacker who successfully exploited this vulnerability could view variables that were hidden by other users. To exploit the vulnerability, an authenticated attacker would need to create a task group