Three SSRF Vulnerabilities Found in Azure DevOps
Security researchers at Binary Security identified and reported three Server-Side Request Forgery (SSRF) vulnerabilities in Azure DevOps, which could allow attackers to exploit privileged Service Connections. The vulnerabilities were discovered during a client engagement and involved techniques such as DNS rebinding and CRLF injection. Microsoft acknowledged the issues, awarding bounties totaling $15,000 for the findings. Despite initial fixes, the researchers demonstrated that one vulnerability could be bypassed, prompting further investigation. The article highlights the potential for additional vulnerabilities within Azure DevOps, emphasizing the importance of thorough security testing in cloud applications.
