high

Azure NotLegit

Published Thu, Oct 7th, 2021

Platforms

Summary

Azure App Service had an insecure default behavior that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”.

Affected Services

N/A

Remediation

Remove these permissions - this can be done via an organization policy.

Tracked CVEs

No tracked CVEs

References

https://www.wiz.io/blog/azure-app-service-source-code-leak/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Tue, Dec 21st, 2021

Exploitability Period

Sept 2017 - Dec 2021

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Shir Tamari, Wiz

More vulnerabilities...

low

Dropped active Google Cloud Armor security policy

There is a known issue where updating a BackendConfig resource using the v1beta1 API removes an active Google Cloud Armor security policy from its service. If you do not configure Google Cloud Arm...

Sep 29, 2021

low

Azure AD Seamless SSO logging bypass

Azure Active Directory Seamless Single Sign-On feature allowed single-factor brute-force attacks against Azure AD without generating sign-in events in the targeted organization’s tenant.

SecureworksSep 29, 2021

low

Exfiltrate data via the logs of GCP Org policy

Upon blocking a request, GCP Org policy constraints were logging the deny logs in Principal''s project and the blocking project. An attacker could use those logs to exfiltrate any data, by making r...

Jonathan Rault, TrustOnCloudSep 22, 2021

View all