Azure DevOps Server Remote Code Execution Vulnerability
CVE-2023-21553

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Azure Devops Server 2020.1.2
Vendor: CVE Published:; 14 February 2023

Summary

The vulnerability in Azure DevOps Server allows attackers to execute arbitrary code remotely, potentially leading to total system compromise. This flaw could be exploited if an attacker gains access to the server, making it imperative for organizations to apply patches and security updates promptly to mitigate risk. The vulnerability affects specific versions of the Azure DevOps Server, emphasizing the importance of maintaining current software versions and applying security measures diligently.

Affected Version(s)

Azure DevOps Server 2020.1.2 Unknown 2020.1.0 < 20230131.3

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 1, 2022