You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
project security
About this tag
The project security tag covers discussions about securing development and project management platforms, with a focus on Microsoft Azure DevOps Server and Team Foundation Services. A recent thread highlights a critical elevation of privilege vulnerability in these systems, where improper handling of pipeline job tokens could allow an attacker with project access to escalate privileges by swapping short-term tokens for long-term ones. The vulnerability is addressed by updates that correct token handling. This tag is relevant for IT professionals, developers, and security administrators managing Microsoft DevOps environments, emphasizing the importance of patching and secure token management to protect project integrity and access controls.
An elevation of privilege vulnerability exists in Azure DevOps Server and Team Foundation Services due to improper handling of pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
To exploit this vulnerability, an attacker would...