VDB

GCVE-110-CLOUD-2025-0051

GCVE-110-CLOUD-2025-0051
Advisory Published
Vulnetix · Advisory published January 17, 2025
Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.

Affected Products

VendorProductVersionsPlatforms
AzureDevOps

References

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›