VDB

GCVE-110-CLOUD-2023-0043

GCVE-110-CLOUD-2023-0043
Advisory Published
Vulnetix · Advisory published March 30, 2023
Legit Security found an RCE vulnerability in Azure Pipelines that could have allowed an attacker to gain complete control of variables and tasks by exploiting logging commands. This would have enabled them to execute malicious code in a context of a pipeline workflow, which would have granted them access to sensitive secrets such as cloud deployment keys, move laterally in the organization, and potentially initiate supply chain attacks. To exploit this vulnerability, an attacker would have needed permissions to create a pull request or push a commit in a repo integrated with Pipelines.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Pipelines, Azure DevOps Services, Azure DevOps Server
AzureCloud Services

References

advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›