CVE-2024-20667

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 13, 2024

Updated: May 29, 2024

CWE ID 77

Summary

CVE-2024-20667 is a newly disclosed vulnerability affecting Azure DevOps Server. This issue permits an unauthenticated attacker to execute arbitrary code remotely. By exploiting this vulnerability, an attacker can gain full control over the targeted Azure DevOps Server, leading to potential data theft, server damage, or further compromise of the organization's network. The specific cause of the vulnerability has not been disclosed yet, but Microsoft urges all users to apply the available patches as soon as possible to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Azure DevOps

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ugdHRw
https://www.cve.org/CVERecord?id=CVE-2024-20667
https://nvd.nist.gov/vuln/detail/CVE-2024-20667

Back to Vulnerability Database