OVAL

Azure DevOps Server HTML Injection Vulnerability - CVE-2019-0869

ID: oval:org.secpod.oval:def:54259
Date: (C)2019-04-11   (M)2021-06-02
Class: VULNERABILITY
Family: windows




A spoofing vulnerability that could allow a security feature bypass exists when Azure DevOps Server does not properly sanitize user-provided input. An attacker who exploited the vulnerability could trick a user into loading a page containing malicious content. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Azure DevOps Server, which would get executed in the context of the user every time a user visits the compromised page. To exploit the bypass, an attacker can leverage any external source in the script-src to embed malicious script by bypassing Content Security Policy (CSP).

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Reference:
CVE-2019-0869
CVE    1
CVE-2019-0869
CPE    1
cpe:/o:microsoft:azure_devops_server_2019

© SecPod Technologies