Authorization bypass in Team Foundation Server - CVE-2018-8529

Published: November 13, 2018


Vulnerability identifier: #VU15843
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-8529
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software: Team Foundation Server

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to bypass authorization on the target system.

The vulnerability exists because Team Foundation Server (TFS) does not enable basic authorization on the communication between TFS and the Search service. A remote attacker can bypass authorization to run certain commands on the Search service and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


How to mitigate CVE-2018-8529

Install updates from the vendor's website.

Sources