Описание
Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.
The update addresses the vulnerability by correcting how the Azure DevOps Server and Team Foundation Services updater handles these tokens.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure DevOps Server 2019 Update 1.1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0758.
Уязвимость средств разработки программного обеспечения Azure DevOps Server, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS