Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-17145

5.4MEDIUM

Key Information:

Vendor
Microsoft
Status
Azure Devops Server 2019.0.1
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2018 Update 3.2
Vendor
CVE Published:
10 December 2020

Summary

Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

Affected Version(s)

Azure DevOps Server 2019 Update 1.1 Unknown 1.0

Azure DevOps Server 2019.0.1 Unknown 2019.0.0

Azure DevOps Server 2020 Unknown 2020

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.