PT-2019-2258 · Microsoft · Azure Devops Server+1

Published

2019-05-14

Updated

2019-07-16

CVE-2019-0979

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Team Foundation Server and Azure DevOps Server (affected versions not specified)

Description The issue arises due to inadequate protection of the web page structure in Team Foundation Server and Azure DevOps Server. This allows a remote attacker to exploit the vulnerability by sending a specially crafted request to the Azure DevOps Server or Team Foundation Server, potentially leading to cross-site scripting attacks and the execution of arbitrary code in the context of the current user. The vulnerability is related to the improper sanitization of user-provided input.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-02029

CVE-2019-0979

Affected Products

Azure Devops Server

Team Foundation Server

PT-2019-2258 · Microsoft · Azure Devops Server+1

CVE-2019-0979

Weakness Enumeration

Related Identifiers

Affected Products

References · 4