Cross-site Scripting Vulnerability in Azure DevOps Server by Microsoft
CVE-2020-0700

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Devops Server; Team Foundation Server 2018; Team Foundation Server; Azure Devops Server 2019
Vendor: CVE Published:; 12 March 2020

Summary

A Cross-site Scripting (XSS) vulnerability is found in Azure DevOps Server due to improper sanitization of user-generated input. This flaw allows malicious users to inject scripts into web pages viewed by other users, potentially leading to session hijacking, data theft, and other malicious actions. It's crucial for organizations using Azure DevOps Server to apply necessary updates and implement security measures to mitigate this risk.

Affected Version(s)

Azure DevOps Server 2019.0.1

Azure DevOps Server 2019 Update 1

Azure DevOps Server 2019 Update 1.1 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Nov 4, 2019