Description
Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account.
To exploit the vulnerability, an attacker could submit a specially crafted file to an affected server. If anonymous access is allowed to projects on an affected server, the attacker would not require authentication.
The update corrects the way that DevOps Server and TFS process certain file types.
Updates
| Product | Article | Update |
|---|---|---|
| Team Foundation Server 2012 Update 4 | ||
| Team Foundation Server 2013 Update 5 | ||
| Team Foundation Server 2017 Update 3.1 | ||
| Team Foundation Server 2018 Update 1.2 | ||
| Team Foundation Server 2018 Update 3.2 | ||
| Team Foundation Server 2015 Update 4.2 | ||
| Azure DevOps Server 2019.0.1 | ||
| Team Foundation Server 2010 SP1 (x86) | ||
| Team Foundation Server 2010 SP1 (x64) | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Related vulnerabilities
A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'.
A vulnerability in the Azure DevOps Server collaborative software development toolset and the Team Foundation Server project management and version control system, caused by insufficient input validation, that allows an attacker to execute arbitrary code