CVE-2024-20667 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-20667
Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-21751 – Azure DevOps Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-21751
Azure DevOps Server Spoofing Vulnerability Vulnerabilidad de suplantación de identidad del servidor Azure DevOps • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21751 • CWE-284: Improper Access Control •
CVE-2023-38155 – Azure DevOps Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-38155
Azure DevOps Server Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Código del Servidor Azure DevOps This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure DevOps Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the MachinePropertyBag class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 • CWE-502: Deserialization of Untrusted Data •