VDB

GCVE-110-CLOUD-2025-0024

GCVE-110-CLOUD-2025-0024
Advisory Published
Vulnetix · Advisory published January 17, 2025
Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.

Affected Products

VendorProductVersionsPlatforms
AzureCloud Services
AzureAzure DevOps

References

advisory

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›