CVE-2020-1327

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Devops Server; Azure Devops Server 2019; Azure Devops Server 2019 Update 1.1
Vendor: CVE Published:; 9 June 2020

Summary

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

Affected Version(s)

Azure DevOps Server 2019.0.1

Azure DevOps Server 2019 Update 1

Azure DevOps Server 2019 Update 1.1 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019

Collectors

NVD DatabaseMitre Database