Spoofing Vulnerability in Azure DevOps Server by Microsoft
CVE-2019-0996

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Devops Server 2019
Vendor: CVE Published:; 12 June 2019

What is CVE-2019-0996?

A vulnerability exists in Azure DevOps Server that allows attackers to spoof legitimate requests due to improper handling of application authorization. This issue may lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive data and system integrity. It is crucial for organizations using Azure DevOps Server to apply necessary updates and mitigations to safeguard against possible exploits.

Affected Version(s)

Azure DevOps Server 2019 Unknown 0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Nov 26, 2018