VDB
GCVE-110-CLOUD-2025-0051
GCVE-110-CLOUD-2025-0051
Advisory Published
Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks functionality. DNS rebinding could bypass initial fixes. Microsoft awarded $15,000 in bug bounties for the findings.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | DevOps | — | — |
References
Finding SSRFs in Azure DevOps
advisory
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.