Skip to main content

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

posted onDecember 23, 2021
by l33tdawg
Threat Post
Credit: Threat Post

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git.

The bug has almost certainly been exploited in the wild as a zero-day, according to an analysis from Wiz. The firm dubbed the vulnerability “NotLegit,” and said it has existed since September 2017.

The Azure App Service (aka Azure Web Apps) is a cloud computing-based platform for hosting websites and web applications. Local Git meanwhile allows developers to initiate a local Git repository within the Azure App Service container in order to deploy code straight to the server. After deployment, the application is accessible for anyone on the internet under the *.azurewebsites.net domain.

Source

Tags

Security Microsoft

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th