Описание
Team Foundation Server Information Disclosure Vulnerability
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret. An authenticated attacker who successfully exploited this vulnerability could view variables that were hidden by other users.
To exploit the vulnerability, an authenticated attacker would need to create a task group with a task containing a secret variable.
The security update addresses the vulnerability by correcting how variables are handled.
FAQ
What version of Team Foundation Server is affected by this vulnerability?
| References for Team Foundation Server 2017 Update 3 | Identification |
|---|---|
| Last version of Team Foundation Server 2017 Update 3 affected by this vulnerability | Version 3.1 |
| First version of Team Foundation Server 2017 Update 3 with this vulnerability addressed | Version 3.1 Patch Update |
| References for Team Foundation Server 2018 Update 1 | Identification |
|---|---|
| Last version of Team Foundation Server 2018 Update 1 affected by this vulnerability | Version 1.2 |
| First version of Team Foundation Server 2018 Update 1 with this vulnerability addressed | Version 1.2 Patch Update |
| References for Team Foundation Server 2018 Update 3 | Identification |
|---|---|
| Last version of Team Foundation Server 2018 Update 3 affected by this vulnerability | Version 3.1 |
| First version of Team Foundation Server 2018 Update 3 with this vulnerability addressed | Version 3.2 |
Please see Microsoft DevOps Blog for more information.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Team Foundation Server 2017 Update 3.1 | ||
| Team Foundation Server 2018 Update 1.2 | ||
| Team Foundation Server 2018 Update 3.2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
Уязвимость системы управления проектами и контроля версий Microsoft Team Foundation Server, связанная с ошибками механизма защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS