[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability - CVE-2019-0971

ID: oval:org.secpod.oval:def:54698Date: (C)2019-05-15   (M)2022-02-01
Class: VULNERABILITYFamily: windows




An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server.To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
Azure DevOps Server 2019
Microsoft Visual Studio Team Foundation Server 2018 Update 3.2
Reference:
CVE-2019-0971
CVE    1
CVE-2019-0971
CPE    3
cpe:/a:microsoft:visual_studio_team_foundation_server:2018
cpe:/o:microsoft:azure_devops_server_2019
cpe:/a:microsoft:visual_studio_team_foundation_server:2018:u3.2

© SecPod Technologies