CVE-2020-1325: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Overview
- Severity
- Medium (CVSS 5.4)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
- Category
- Spoofing
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2020-Nov
- Released
- 2020-11-10
- Last Updated
- 2020-12-08
- EPSS Score
- 1.56% (percentile: 81.5%)
Affected Products (1)
Developer Tools
- Azure DevOps Server 2019 Update 1.1
Security Updates (1)
Acknowledgments
Maciej Porebski
Revision History
- 2020-11-10: Information published.
- 2020-12-08: Microsoft is announcing the availability of the security update for Azure DevOps Server 2019 Update 1.1 to address this vulnerability. Customers running Azure DevOps Server 2019 Update 1.1 should install the update to be protected from this vulnerability.