Описание
Azure DevOps Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions. An attacker who exploited the vulnerabilty could add GitHub repos to a project without having the proper access granted to their account.
To exploit the vulnerability, an attacker with access to a project would need to send a specially crafted request to an affected Azure DevOps Server.
The update addresses the vulnerability by correcting the way Azure DevOps Server handles project permissions.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure DevOps Server 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.
Уязвимость средства разработки программного обеспечения Azure DevOps Server, связанная с недостаточной проверкой прав доступа к проектам, позволяющая нарушителю повысить свои привилегии
EPSS