An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerabilty could add GitHub repos to a project without having the proper access granted to their account. To exploit the vulnerability, an attacker with access to a project would need to send a specially crafted request to an affected Azure DevOps Server.