An Interest In:
Web News this Week
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
Some of Our Sources
- Simplebits
- Pearsonified
- Spoon Graphics
- Smashing Magazine
- Creative Curio
- Naldz Graphics
- Crazy Leaf Design
- Reencoded
- 24 Ways
- Specky Boy
Help Webnuz
Referal links:
December 22, 2021 10:50 pm
Original Link: https://it.slashdot.org/story/21/12/22/2216201/microsoft-notifies-customers-of-azure-bug-that-exposed-their-source-code?utm_source=rss1.0mainlinkanon&
Microsoft Notifies Customers of Azure Bug That Exposed Their Source Code
Microsoft has notified earlier this month a select group of Azure customers impacted by a recently discovered bug that exposed the source code of their Azure web apps since at least September 2017. The vulnerability was discovered by cloud security firm Wiz and reported to Microsoft in September. The issue was fixed in November, and Microsoft has spent the last few weeks investigating how many customers were impacted. The Record reports: The issue, nicknamed NotLegit, resides in Azure App Service, a feature of the Azure cloud that allows customers to deploy websites and web apps from a source code repository. Wiz researchers said that in situations where Azure customers selected the "Local Git" option to deploy their websites from a Git repository hosted on the same Azure server, the source code was also exposed online. All PHP, Node, Ruby, and Python applications deployed via this method were impacted, Microsoft said in a blog post today. Only apps deployed on Linux-based Azure servers were impacted, but not those hosted on Windows Server systems. Apps deployed as far back as 2013 were impacted, although the exposure began in September 2017, when the vulnerability was introduced in Azure's systems, the Wiz team said in a report today. [...] The most dangerous exposure scenarios are situations where the exposed source code contained a .git configuration file that, itself, contained passwords and access tokens for other customer systems, such as databases and APIs.Read more of this story at Slashdot.
Original Link: https://it.slashdot.org/story/21/12/22/2216201/microsoft-notifies-customers-of-azure-bug-that-exposed-their-source-code?utm_source=rss1.0mainlinkanon&
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot