#VU36012 Improper Neutralization of Special Elements in Output Used by a Downstream Component in Azure DevOps Server - CVE-2019-0869

 


Published: April 9, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU36012
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-0869
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Azure DevOps Server
Software vendor: Microsoft

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.


Remediation

Install the update from the vendor's website.

External links