PT-2019-1828 · Microsoft · Azure Devops Server

Wesley Wineberg

Published

2019-04-09

Updated

2020-08-24

CVE-2019-0869

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Azure DevOps Server (affected versions not specified)

Description The issue exists due to the failure to neutralize special elements, which can be exploited by a remote attacker using a specially crafted link to impact the confidentiality and integrity of protected information. This is related to a spoofing vulnerability when the software fails to properly handle web requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-79

Related Identifiers

BDU:2019-01480

CVE-2019-0869

Affected Products

Azure Devops Server

PT-2019-1828 · Microsoft · Azure Devops Server

CVE-2019-0869

Weakness Enumeration

Related Identifiers

Affected Products

References · 5