Tuesday , February 18 2025
Azure DevOps

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement.

The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request Forgery (SSRF).

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

Lazarus Group Unleashes New Malware Against Developers Worldwide

Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
Lazarus Group Unleashes New Malware Against Developers Worldwide

Daily Security Update Dated : 15.02.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.02.2025

Salt Typhoon to target Bangladeshi Universities, One identified

RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
Salt Typhoon to target Bangladeshi Universities, One identified
    New Azure Service Connection

This vulnerability allows attackers to access internal services, risking exposure of sensitive information. The researcher showed that by altering the ‘url’ parameter in requests to the endpoint proxy API, communication with internal metadata services could occur.

The second vulnerability was found in Azure DevOps’ Service Hooks feature. This flaw enables both SSRF and CRLF injection. Attackers can exploit it to inject HTTP headers and modify outbound requests.

The researcher successfully injected the ‘Metadata: True’ header needed for communication with Azure metadata APIs.

  Service Hooks

The initial fix for the endpointproxy vulnerability was easily avoided using DNS rebinding techniques. This attack involves changing DNS records to link a malicious hostname to different IP addresses over time, which could allow access to internal network resources.

DNS rebinding poses a significant threat in cloud environments as more organizations transition their infrastructure to the cloud. In Azure environments, exploitation may result in the theft of access tokens from Azure Active Directory, particularly if managed identities are active on virtual machines.

SSRF vulnerabilities can result in serious consequences, such as unauthorized access to internal services, data leakage, and potentially remote code execution when paired with other weaknesses.

CRLF injection can cause HTTP response splitting, which may lead to cross-site scripting (XSS) attacks, cache poisoning, and other security problems.

Microsoft has recognized these vulnerabilities and awarded a total of $15,000 in bounties to the researcher. Azure DevOps users must keep all systems updated with the latest security patches.

Check Also

20

CISA Releases Advisories For 20 Industrial Control Systems (ICS)

On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about …

Leave a Reply

Your email address will not be published. Required fields are marked *