PT-2019-2258 · Microsoft · Azure Devops Server+1

Publicado

2019-05-14

Atualizado

2019-07-16

CVE-2019-0979

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Team Foundation Server and Azure DevOps Server (affected versions not specified)

Description The issue arises due to inadequate protection of the web page structure in Team Foundation Server and Azure DevOps Server. This allows a remote attacker to exploit the vulnerability by sending a specially crafted request to the Azure DevOps Server or Team Foundation Server, potentially leading to cross-site scripting attacks and the execution of arbitrary code in the context of the current user. The vulnerability is related to the improper sanitization of user-provided input.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2019-02029

CVE-2019-0979

Produtos afetados

Azure Devops Server

Team Foundation Server

PT-2019-2258 · Microsoft · Azure Devops Server+1

CVE-2019-0979

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4