Security News > 2021 > December > Microsoft Azure App Service flaw exposed customer source code

Microsoft Azure App Service flaw exposed customer source code
2021-12-22 19:15

A security flaw found in Azure App Service, a Microsoft-managed platform for building and hosting web apps, led to the exposure of PHP, Node, Python, Ruby, or Java customer source code deployed on Microsoft's cloud infrastructure.

Only Azure App Service Linux customers were impacted by the issue discovered and reported by researchers at cloud security vendor Wiz.io, with IIS-based applications deployed by Azure App Service Windows customers not being affected.

The researchers tested their theory that the insecure default behavior in Azure App Service Linux was likely exploited in the wild by deploying their own vulnerable app.

While this could point to attackers already knowing of the NotLegit flaw and specifically trying to find exposed Azure App Service apps' source code, these scans could also be explained as normal scans for exposed.

Deployed in Azure App Service since 2013 using any Git source, after a file was created or modified in the app container.

The Azure App Service documentation was also updated with a new section on properly securing apps' source code and in-place deployments.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-azure-app-service-flaw-exposed-customer-source-code/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399