[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

127571

 
 

909

 
 

105400

 
 

152

Paid content will be excluded from the download.


Download | Alert*
OVAL

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability - CVE-2019-0867

ID: oval:org.secpod.oval:def:54257Date: (C)2019-04-11   (M)2019-07-18
Class: VULNERABILITYFamily: windows




A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server, which will get executed in the context of the user every time a user visits the compromised page. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, execute malicious code, and use the victim's identity to take actions on the site on behalf of the user, such as change permissions and delete content.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2
Reference:
CVE-2019-0867
CVE    1
CVE-2019-0867
CPE    3
cpe:/a:microsoft:visual_studio_team_foundation_server:2018
cpe:/o:microsoft:azure_devops_server_2019
cpe:/a:microsoft:visual_studio_team_foundation_server:2018:u3.2

© SecPod Technologies