Wednesday , June 4 2025
Azure DevOps

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement.

The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request Forgery (SSRF).

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
    New Azure Service Connection

This vulnerability allows attackers to access internal services, risking exposure of sensitive information. The researcher showed that by altering the ‘url’ parameter in requests to the endpoint proxy API, communication with internal metadata services could occur.

The second vulnerability was found in Azure DevOps’ Service Hooks feature. This flaw enables both SSRF and CRLF injection. Attackers can exploit it to inject HTTP headers and modify outbound requests.

The researcher successfully injected the ‘Metadata: True’ header needed for communication with Azure metadata APIs.

  Service Hooks

The initial fix for the endpointproxy vulnerability was easily avoided using DNS rebinding techniques. This attack involves changing DNS records to link a malicious hostname to different IP addresses over time, which could allow access to internal network resources.

DNS rebinding poses a significant threat in cloud environments as more organizations transition their infrastructure to the cloud. In Azure environments, exploitation may result in the theft of access tokens from Azure Active Directory, particularly if managed identities are active on virtual machines.

SSRF vulnerabilities can result in serious consequences, such as unauthorized access to internal services, data leakage, and potentially remote code execution when paired with other weaknesses.

CRLF injection can cause HTTP response splitting, which may lead to cross-site scripting (XSS) attacks, cache poisoning, and other security problems.

Microsoft has recognized these vulnerabilities and awarded a total of $15,000 in bounties to the researcher. Azure DevOps users must keep all systems updated with the latest security patches.

Check Also

Qualcomm

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting …

Leave a Reply

Your email address will not be published. Required fields are marked *