An elevation of privilege vulnerability exists in Azure DevOps Server and Team Foundation Services due to improper handling of pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.
To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.
The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.
For more information, refer to the Microsoft Security Response Center advisory:
Security Update Guide - Microsoft Security Response Center
Source: MSRC Security Update Guide - Microsoft Security Response Center