CVE-2019-1306
Summary
| CVE | CVE-2019-1306 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-11 22:15:00 UTC |
| Updated | 2020-07-15 17:31:00 UTC |
| Description | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Azure Devops Server | 2019 | update1 | All | All |
| Operating System | Microsoft | Azure Devops Server | 2019.0.1 | All | All | All |
| Operating System | Microsoft | Azure Devops Server | 2019 | update1 | All | All |
| Operating System | Microsoft | Azure Devops Server | 2019.0.1 | All | All | All |
| Application | Microsoft | Team Foundation Server | 2018 | 3.2 | All | All |
| Application | Microsoft | Team Foundation Server | 2018 | 3.2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1306 | MISC | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.