A new Azure Pipelines security issue has been found, Microsoft urges customers to update
The patch is already available and most customers should be safe
2 min. read
Published on
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
A new security flaw was found by security researchers that affects Azure Pipelines which can affect up to 70,000 open-source projects.
What do we know about this security flaw and how dangerous it is? Keep on reading if you want to learn more.
A new security flaw lets hackers run code in a live environment
According to researchers at Legit Security, there’s a flaw in Azure Pipelines. Using this flaw, the hackers can inject malicious code into source code and other projects that are hosted in a testing environment.
According to the reports, the vulnerability is triggered after submitting a contribution or editing a build system project that resides on Azure Pipelines.
The code that is tested in Azure Pipelines usually runs in a safe environment, but hackers have found a way to run the test code in the live environment, allowing it to access sensitive information and data.
According to research, the most vulnerable are the repositories that are using a trigger in Azure Pipelines.
With this exploit hackers can obtain elevated access to the organization’s network; however, this doesn’t make them able to execute an attack, according to Microsoft.
Microsoft released a patch in October and all customers that are up to date should be protected from this exploit. The company is vigilant when it comes to security, and they also patched CVE-2024-0519 vulnerability in Edge recently.
While this exploit is dangerous, as long as you’re up to date, you should be safe since Microsoft has acknowledged and fixed the problem. In case you don’t have automatic updates enabled, go ahead and download the update manually.
