SSRF in Azure DevOps Services
I want to write an article about exploiting Microsoft vulnerabilities. Because I am too lazy, I have never written articles before. Now I will try to share the vulnerability I have found.
This vulnerability exists in Azure DevOps Services. Because each vendor's criteria are different, vulnerabilities are handled differently. Microsoft has not fixed this vulnerability as of today and will fix it in the future. However, I still want to share some inspiration from my work on Microsoft's bug bounty program.
The vulnerability exists at this link: https://dev.azure.com/hackyzh/xss/_settings/boards-external-integration#. Select "GitHub connections", then select "GitHub Enterprise Server". Finally, enter the URL in the selection box. How about this vulnerability? Is it very simple? As long as you are careful, you will find this vulnerability.

Eventually this page will return some information.
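
The flow above has the backend request a URL the user typed in, which is why the destination has to be vetted on the server before any request is made. The following is an added defensive example, not code from the original post or from Microsoft; the function names, the HTTPS-only policy and the pluggable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}  # assumption: the remote server must be reached over HTTPS


def system_resolver(host, port):
    """Resolve host with the OS resolver and return its IP addresses as strings."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_integration_url(url, resolver=system_resolver):
    """Vet a user-supplied server URL before the backend requests it.

    Returns (True, [vetted IPs]) or (False, reason). The caller should connect
    to one of the vetted IPs rather than resolving the name a second time.
    """
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        addresses = resolver(parts.hostname, port)
    except OSError:
        return False, "host could not be resolved"
    if not addresses:
        return False, "host could not be resolved"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        # Every address must be public: one loopback, private or link-local
        # record among several is enough to reject the URL.
        if not ip.is_global:
            return False, f"{parts.hostname} resolves to non-public address {ip}"
    return True, addresses
```

Redirects returned by the remote server need the same check on each hop, or should be disabled for this request.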


Timeline:
- 15 September 2019: Reported the issue to MSRC
- 17 September 2019: MSRC opened case #54027
- 10 October 2019: Consulted on the details of this issue
- 12 October 2019: Listed as moderate severity
- 25 October 2019: Would not be eligible for bounty
- 31 October 2019: MSRC decided to fix this in a future release
- Now: Publish
