Описание
Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly. An attacker who successfully exploited this vulnerability could execute code on the server in the context of the TFS or ADO service account.
To exploit the vulnerability, an attacker would need to upload a specially-crafted file to a vulnerable ADO or TFS server repo and wait for the system to index the file.
The security update addresses the vulnerability by correcting how ADO and TFS index files.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Team Foundation Server 2018 Update 3.2 | ||
| Azure DevOps Server 2019.0.1 | ||
| Azure DevOps Server 2019 Update 1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'.
Уязвимость средств разработки программного обеспечения Team Foundation Server и Azure DevOps Server, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
EPSS