high

Finding SSRFs in Azure DevOps

Published Fri, Jan 17th, 2025

Platforms

Summary

Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.

Affected Services

Azure DevOps

Remediation

None required. Microsoft has patched the vulnerabilities.

Tracked CVEs

No tracked CVEs

References

https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Oct 10th, 2023

Exploitablity Period

Until 2024/02/15

Known ITW Exploitation

Detection Methods

Monitor for unusual outbound requests from Azure DevOps servers to internal endpoints or unexpected external domains.

Piercing Index Rating

Discovered by

Torjus Bryne Retterstøl, Binary Security AS

More vulnerabilities...

medium

CloudWatch Dashboard Sharing Exposes EC2 Tags

A vulnerability in AWS CloudWatch dashboard sharing allowed viewers to access EC2 instance tags and potentially invoke Lambda functions in the source account. The issue stemmed from a logic bug in ...

Leonidas Tsaousis, WithSecure

Thu, Jan 16th, 2025

high

Issue with Amazon WorkSpaces and AppStream 2.0 Clients

AWS identified two vulnerabilities in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. These issues could allow man-in-the-middle attacks, potentiall...

AWS

Wed, Jan 15th, 2025

high

Hijacking Azure Machine Learning Notebooks

Azure Machine Learning notebooks can be hijacked by attackers with Storage Account access to inject malicious code. A now-fixed vulnerability allowed Reader role escalation to code execution. The a...

Karl Fosaaen, NetSPI

Wed, Jan 8th, 2025

View all