VDB
GCVE-110-CLOUD-2025-0024
GCVE-110-CLOUD-2025-0024
Advisory Published
Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Cloud Services | — | — |
| Azure | Azure DevOps | — | — |
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.