Spoofing Vulnerability in Microsoft Azure DevOps Server
CVE-2020-1327

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Azure Devops Server; Azure Devops Server 2019; Azure Devops Server 2019 Update 1.1
Vendor: CVE Published:; 9 June 2020

Summary

A spoofing vulnerability exists in Microsoft Azure DevOps Server due to improper handling of web requests. This flaw can potentially allow an attacker to manipulate web interactions, leading to unauthorized access or modification of sensitive data. Organizations utilizing Azure DevOps Server should implement the necessary patches and security updates to safeguard their systems against potential exploitation. For detailed guidance, refer to Microsoft's official security advisory.

Affected Version(s)

Azure DevOps Server 2019.0.1

Azure DevOps Server 2019 Update 1

Azure DevOps Server 2019 Update 1.1 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019