Cross-site Scripting Vulnerability in Azure DevOps Server by Microsoft
CVE-2020-1326

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Devops Server; Azure Devops Server 2019; Azure Devops Server 2019 Update 1.1
Vendor: CVE Published:; 14 July 2020

What is CVE-2020-1326?

A Cross-site Scripting (XSS) vulnerability exists in Azure DevOps Server, enabling attackers to inject malicious scripts through inadequately sanitized user inputs. This vulnerability could lead to unauthorized access to sensitive data, as attackers can execute arbitrary scripts within the context of the user's session. Proper input validation and sanitization are crucial for mitigating this risk to maintain the security integrity of applications utilizing Azure DevOps Server.

Affected Version(s)

Azure DevOps Server 2019.0.1

Azure DevOps Server 2019 Update 1

Azure DevOps Server 2019 Update 1.1 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Nov 4, 2019