VulnerableVendor Resources
| Resource | Link |
|---|---|
| Azure DevOps (and Azure DevOps Server) and the log4j vulnerability | https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 |
Community Resources
| Resource | Link |
|---|---|
| source | https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 |
Community Notes
| Source | Note |
|---|---|
| NCSC-NL | CVE-2021-44228: Vulnerable |
| NCSC-NL | When Azure DevOps Server Search is configured. Uses Elasticsearch OSS 6.2.4 (vulnerable) see Elasticsearch above for mitigation |
Sources
| Date | Attribution | Description |
|---|---|---|
| 2021-12-27 15:29:04 | NCSC-NL | Updated communityVulnerable. Updated community note. Updated community link source. Updated community note. |
| 2021-12-30 21:31:50 | CISAGov | Updated communityVulnerable. Updated vendor link Azure DevOps (and Azure DevOps Server) and the log4j vulnerability. |