Wednesday, May 14, 2025
HomeCyber Security NewsMultiple Azure DevOps Vulnerabilities Let Inject CRLF Queries & Rebind DNS

Multiple Azure DevOps Vulnerabilities Let Inject CRLF Queries & Rebind DNS

Published on

SIEM as a Service

Follow Us on Google News

Researchers uncovered several significant vulnerabilities within Azure DevOps, specifically focusing on potential Server-Side Request Forgery (SSRF) weaknesses.

The findings highlight the importance of robust security measures in cloud-based development environments.

During testing, the researcher aimed to identify any Service Connections in the Azure environment that utilized privileged Service Principals.

- Advertisement - Google News

This is a critical area of concern as attackers gaining access to developer accounts could exploit these connections for privilege escalation, posing serious risks to the integrity of Azure and other interconnected systems.

The researcher utilized Burp Suite to proxy the Azure DevOps application and found an endpoint related to creating Service Connections.

Azure DevOps Vulnerabilities
New Azure Service Connection

This led to the identification of an SSRF vulnerability in the endpointproxy API, which allowed for unauthorized requests to internal services.

Notably, the researcher attempted to insert a payload to test if SSRF was possible, successfully receiving outbound requests from Azure DevOps to their Burp Collaborator server.

This was particularly concerning as it involved the use of a valid Azure token, raising questions about the security of token scopes associated with Azure Resource Manager (ARM).

Bypassing Security Measures

Despite Microsoft’s claims of fixing previous vulnerabilities, the researcher demonstrated that they could bypass these fixes through a technique known as DNS rebinding.

By registering a domain that resolved to different IP addresses, they were able to re-establish communication with the metadata API, which is generally protected against such requests.

Additionally, through their exploration of Azure DevOps’ Service Hooks, the researcher found another avenue for SSRF attacks.

Azure DevOps Vulnerabilities
Service Hooks

Binary Security discovered that the application did not adequately validate URL parameters, allowing external and internal service access that could be exploited for malicious purposes.

The researcher reported these vulnerabilities to Microsoft, which acknowledged the findings and awarded bounties for each of the discovered issues.

The timeline of interactions with Microsoft included:

  • October 10, 2023: First SSRF vulnerability reported.
  • November 14, 2023: Microsoft confirmed the vulnerability and awarded a $5000 bounty.
  • January 20, 2024: A second $5000 bounty awarded for the DNS rebinding vulnerability.

This series of discoveries emphasizes the potential risks associated with overlooked security measures in cloud applications like Azure DevOps.

The ability of a researcher to find multiple SSRF vulnerabilities in a relatively short time frame suggests that there may be further unaddressed vulnerabilities within the system.

Organizations utilizing Azure DevOps should remain vigilant and ensure that robust security practices are in place to protect against such exploits.

As cloud environments continue to evolve, maintaining security in APIs and access controls will be crucial to safeguarding sensitive data and maintaining user trust.

Investigate Real-World Malicious Links & Phishing Attacks With ANY.RUN Malware Sandbox - Try 14 Days Free Trial

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...

Ransomware Attacks Surge by 123% Amid Evolving Tactics and Strategies

The 2025 Third-Party Breach Report from Black Kite highlights a staggering 123% surge in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day

Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across...

Ivanti Released Security Updates to Fix for the Mutiple RCE Vulnerabilities – Patch Now

Ivanti, a leading enterprise software provider, has released critical security updates addressing vulnerabilities across...

Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild

A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products,...