CVE-2020-17145: Azure DevOps Server and Team Foundation Services Spoofing Vulnerability

Overview

Severity

Medium (CVSS 5.4)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Dec

Released

2020-12-08

EPSS Score

0.53% (percentile: 67.3%)

Affected Products (7)

Developer Tools

• Azure DevOps Server 2019.0.1
• Team Foundation Server 2017 Update 3.1
• Team Foundation Server 2018 Update 1.2
• Team Foundation Server 2018 Update 3.2
• Team Foundation Server 2015 Update 4.2
• Azure DevOps Server 2019 Update 1.1
• Azure DevOps Server 2020

Security Updates (7)

• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes
• Release Notes

Acknowledgments

<a href="http://vnprogramming.com">Pham Van Khanh</a> (<a href="https://twitter.com/rskvp93">@rskvp93</a>) from Viettel Cyber Security

Revision History

• 2020-12-08: Information published.