high

Finding SSRFs in Azure DevOps

Published Fri, Jan 17th, 2025

Platforms

azure

Summary

Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.

Affected Services

Azure DevOps

Remediation

None required. Microsoft has patched the vulnerabilities.

Tracked CVEs

No tracked CVEs

References

https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Oct 10th, 2023

Exploitability Period

Until 2024/02/15

Known ITW Exploitation

-

Detection Methods

Monitor for unusual outbound requests from Azure DevOps servers to internal endpoints or unexpected external domains.

Piercing Index Rating

-

Discovered by

Torjus Bryne Retterstøl, Binary Security AS

More vulnerabilities...

medium

CloudWatch Dashboard Sharing Exposes EC2 Tags

aws

A vulnerability in AWS CloudWatch dashboard sharing allowed viewers to access EC2 instance tags and potentially invoke Lambda functions in the source account. The issue stemmed from a logic bug in ...

Leonidas Tsaousis, WithSecure
high

Issue with Amazon WorkSpaces and AppStream 2.0 Clients

aws

AWS identified two vulnerabilities in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. These issues could allow man-in-the-middle attacks, potentiall...

AWS
high

Hijacking Azure Machine Learning Notebooks

azure

Azure Machine Learning notebooks can be hijacked by attackers with Storage Account access to inject malicious code. A now-fixed vulnerability allowed Reader role escalation to code execution. The a...

Karl Fosaaen, NetSPI
View all