<< Back
CVE Number Vulnerability Product Severity Date
CVE-2024-20667 Azure DevOps Server Remote Code Execution Microsoft Azure Important 19-02-2024

Technical Information

Azure DevOps server covers the entire applciation lifecycle and enables DevOps capabilities. The attacker requires a Queue Build permissions and Azure DevOps pipeline for meeting certain conditions to exploit this vulnerability for the target.

Patch release date: Feb 13, 2024
Further information on this vulnerability is available at CVE-2024-20667

Affected Software

Azure DevOps Server 2022.1,
Azure DevOps Server 2019.1.2,
Azure DevOps Server 2020.1.2