Azure DevOps Server Elevation of Privilege Vulnerability - CVE-2019-0875ID: oval:org.secpod.oval:def:54263 | Date: (C)2019-04-11 (M)2021-07-08 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerabilty could add GitHub repos to a project without having the proper access granted to their account. To exploit the vulnerability, an attacker with access to a project would need to send a specially crafted request to an affected Azure DevOps Server.
Platform: |
Microsoft Windows 10 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Azure DevOps Server 2019 |