| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution | Microsoft Azure | Important | 19-02-2024 |
Technical Information
Azure DevOps server covers the entire applciation lifecycle and enables DevOps capabilities. The attacker requires a Queue Build permissions and Azure DevOps pipeline for meeting certain conditions to exploit this vulnerability for the target.
Patch release date: Feb 13, 2024
Further information on this vulnerability is available at CVE-2024-20667
Affected Software
Azure DevOps Server 2022.1,Azure DevOps Server 2019.1.2,
Azure DevOps Server 2020.1.2