Data security course specialists reported the finding of a critical vulnerability in Azure DevOps, a Microsoft product that provides versioning, reporting, requirements management, project management, automated builds, and more.
The vulnerability exists due to incorrect input validation when processing HTTP requests and would allow hackers to launch website forgery attacks. Threat actors could trick a target user into redirecting them to a malicious website.
According to the report of data security course specialists, this vulnerability is present in the following versions of Azure DevOps: 2019 1.1, 2019.0.1.
Tracked as CVE-2020-1327, this vulnerability received a score of 4.1/10 on the Common Vulnerability Scoring System (CVSS) scale, so it is considered a medium severity error, data security course specialists report.
While this vulnerability can be exploited by an unauthenticated remote attacker over the Internet, there do not appear to be records of an exploit to begin the attack.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.