Описание
Azure DevOps Server Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain access to the secrets of the user of the affected application.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure DevOps Server 2020.1.2 | ||
| Azure DevOps Server 2022.0.1 | ||
| Azure DevOps Server 2020.0.2 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Azure DevOps Server Elevation of Privilege Vulnerability
Azure DevOps Server Elevation of Privilege Vulnerability
Уязвимость средства разработки программного обеспечения Azure DevOps Server, связанная с недостатками контроля доступа, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3