PT-2019-2710 · Microsoft · Azure Devops Server+1

Published

2019-07-09

Updated

2019-07-18

CVE-2019-1076

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Team Foundation Server (affected versions not specified)

Description A Cross-site Scripting (XSS) issue exists due to improper sanitization of user-provided input. This could allow a remote attacker to execute arbitrary code in the context of the current user by sending a specially crafted request to the Team Foundation Server. The vulnerability is related to the lack of input data sanitization measures in the Azure DevOps Server and Team Foundation Server collaborative software development toolkit and project management and version control system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-02646

CVE-2019-1076

Affected Products

Azure Devops Server

Team Foundation Server

PT-2019-2710 · Microsoft · Azure Devops Server+1

CVE-2019-1076

Weakness Enumeration

Related Identifiers

Affected Products

References · 4