| Thread Tools |
24th December 2021, 05:42 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,678
| Microsoft discovered bug in Azure app source code NotLegit flaw found by Wiz Microsoft has notified earlier this month a select group of Azure customers impacted by a recently discovered bug that exposed the source code of their Azure web apps since at least September 2017. The vulnerability was discovered by cloud security firm Wiz and reported to Microsoft in September. The issue was fixed in November, and Microsoft has spent the last few weeks investigating how many customers were impacted. The issue, nicknamed NotLegit, resides in Azure App Service, a feature of the Azure cloud that allows customers to deploy websites and web apps from a source code repository. Wiz researchers said that in situations where Azure customers selected the "Local Git" option to deploy their websites from a Git repository hosted on the same Azure server, the source code was also exposed online. All PHP, Node, Ruby, and Python applications deployed via this method were impacted, Microsoft said in a blog post today. Only apps deployed on Linux-based Azure servers were impacted, but not those hosted on Windows Server systems. Apps deployed as far back as 2013 were impacted, although the exposure began in September 2017, when the vulnerability was introduced in Azure's systems, the Wiz team said in a report today. The most dangerous exposure scenarios are situations where the exposed source code contained a .git configuration file that, itself, contained passwords and access tokens for other customer systems, such as databases and APIs. https://fudzilla.com/news/54089-micr...pp-source-code |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
All source code is vulnerable to old bidis | Stefan Mileschin | WebNews | 0 | 3rd November 2021 07:00 |
SolarWinds hackers accessed Microsoft source code for 3 products | Stefan Mileschin | WebNews | 0 | 19th February 2021 12:06 |
Windows XP source code leak sheds light on Microsoft's OS history | Stefan Mileschin | WebNews | 0 | 29th September 2020 11:10 |
Windows 10 source code leak is an embarrassment for Microsoft | Stefan Mileschin | WebNews | 0 | 26th June 2017 13:20 |
Microsoft Word for Windows version 1.1a source code | Stefan Mileschin | WebNews | 0 | 29th December 2016 07:03 |
Apollo 11's source code is now on GitHub | Stefan Mileschin | WebNews | 0 | 14th July 2016 10:24 |
Microsoft makes source code for MS-DOS and Word 1.1 public | Stefan Mileschin | WebNews | 0 | 27th March 2014 06:45 |
HTC delivers source code for the One and Droid DNA | Stefan Mileschin | WebNews | 0 | 11th April 2013 06:51 |
Doom 3 source code review | geoffrey | WebNews | 0 | 10th June 2012 13:31 |
Quake III Source Code to Be Released | jmke | WebNews | 0 | 13th August 2005 16:27 |
Thread Tools | |
| |