CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-29813 – Azure DevOps Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29813
08 May 2025 — An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one. The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens. [Spoofable identity claims] Authentication Bypass by Assumed-I... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29813 • CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35267 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-35267
09 Jul 2024 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35266 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-35266
09 Jul 2024 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-20667 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20667
13 Feb 2024 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21751 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21751
13 Dec 2023 — Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21751 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-36561 – Azure DevOps Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-36561
10 Oct 2023 — Azure DevOps Server Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en Azure DevOps Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561 • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-33136 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-33136
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 1%CPEs: 5EXPL: 0CVE-2023-38155 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38155
12 Sep 2023 — Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MachinePropertyBag class. The issue results from the lack of proper validation of user-sup... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36869 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36869
08 Aug 2023 — Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21569 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21569
13 Jun 2023 — Azure DevOps Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 • CWE-94: Improper Control of Generation of Code ('Code Injection') •