Azure DevOps Server Remote Code Execution Vulnerability
CVE-2024-20667

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Azure Devops Server 2022; Azure Devops Server; Azure Devops Server 2020.1.2
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-20667?

A security vulnerability exists in Azure DevOps Server that permits remote code execution. This flaw can be exploited by an attacker to run arbitrary code within the context of the application, potentially leading to unauthorized access and severe impacts on the integrity and confidentiality of sensitive data. It is critical for organizations utilizing Azure DevOps Server to implement recommended security updates to mitigate this risk effectively. Detailed information and remediation guidance can be found in the Microsoft advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Azure DevOps Server 2020.1.2 Unknown 2020.1.0 < 20240126.2

Azure DevOps Server 2022 Unknown 20231128.1 < 20240126.4

Azure DevOps Server Unknown 1.0.0 < 20240126.6

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Nov 28, 2023

JSON

Microsoft

What is CVE-2024-20667?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.