Описание
Azure DevOps Server Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit an integer overflow vulnerability that results in arbitrary heap writes, which could be used to perform arbitrary code execution.
According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on ADO?
Yes, the attacker needs to be authenticated to Azure DevOps server.
Возможность эксплуатации
Publicly Disclosed
No
Exploited
No
Latest Software Release
Exploitation Less Likely
EPSS
Процентиль: 66%
0.00501
Низкий
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
github
около 2 лет назад
Azure DevOps Server Remote Code Execution Vulnerability
EPSS
Процентиль: 66%
0.00501
Низкий
8.8 High
CVSS3