PT-2020-20980 · Microsoft · Azure Devops

Published 2020-09-14 · Updated 2020-09-14

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Azure DevOps (affected versions not specified)

Description

The issue affects Azure DevOps users: the bot's token may be exposed in server or pipeline logs because the http.extraheader=AUTHORIZATION parameter is logged without redaction. Users are advised to revoke their existing bot credentials and generate new ones after upgrading if there is a chance that logs have been saved to a location that others can view.

Recommendations

Azure DevOps users should revoke existing bot credentials and generate new ones after upgrading, especially if logs may have been saved to an accessible location. Do not share Renovate logs with anyone who cannot be trusted with access to the token.
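To decide whether saved logs call for credential rotation, the following added example (not part of the advisory or of the affected project's code) flags log lines where the http.extraheader=AUTHORIZATION parameter carries an unmasked value and returns a redacted copy that is safe to share. The value layout after the parameter, the masking placeholders and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout (not given on the page): the header value follows the
# parameter as "AUTHORIZATION: <scheme> <credential>", optionally quoted.
HEADER_RE = re.compile(
    r"""(http\.extraheader=["']?AUTHORIZATION\s*:\s*)([^"'\r\n]+)""",
    re.IGNORECASE,
)
# Assumed placeholders a fixed logger might write in place of the secret,
# optionally preceded by the auth scheme word.
MASKED_RE = re.compile(
    r"^(?:\w+\s+)?(?:\*+|\*\*redacted\*\*|\[redacted\]|<redacted>)$",
    re.IGNORECASE,
)


def is_masked(value):
    """True when the captured header value is only a masking placeholder."""
    return bool(MASKED_RE.match(value.strip()))


def redact(line):
    """Replace any unmasked header value; already masked values are kept.

    An unquoted value is redacted up to the end of the line on purpose.
    """
    return HEADER_RE.sub(
        lambda m: m.group(0) if is_masked(m.group(2)) else m.group(1) + "**redacted**",
        line,
    )


def scan(lines):
    """Return (line_number, redacted_line) for every line that leaks a value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        if any(not is_masked(m.group(2)) for m in HEADER_RE.finditer(line)):
            findings.append((number, redact(line.rstrip("\n"))))
    return findings


# Constructed sample log lines; the credentials are made-up placeholders.
SAMPLE_LOG = [
    'DEBUG: git -c http.extraheader="AUTHORIZATION: bearer EXAMPLE-NOT-A-REAL-TOKEN" fetch origin',
    'DEBUG: git -c http.extraheader="AUTHORIZATION: bearer **redacted**" fetch origin',
    "INFO: Repository started",
    "DEBUG: cmd=git -c http.extraheader=authorization: basic RVhBTVBMRQ== clone",
]

if __name__ == "__main__":
    for number, line in scan(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Any finding in a log that was stored where others can read it means the credential should be treated as exposed and rotated, as the recommendation above states.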

Related Identifiers

GHSA-36RH-GGPR-J3GJ

Affected Products

Azure Devops