PT-2019-1828 · Microsoft · Azure Devops Server

Wesley Wineberg

Publicado

2019-04-09

Atualizado

2020-08-24

CVE-2019-0869

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Azure DevOps Server (affected versions not specified)

Description The issue exists due to the failure to neutralize special elements, which can be exploited by a remote attacker using a specially crafted link to impact the confidentiality and integrity of protected information. This is related to a spoofing vulnerability when the software fails to properly handle web requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-79

Identificadores relacionados

BDU:2019-01480

CVE-2019-0869

Produtos afetados

Azure Devops Server

PT-2019-1828 · Microsoft · Azure Devops Server

CVE-2019-0869

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5