high

Azure NotLegit

Published Thu, Oct 7th, 2021
Platforms

Summary

Azure App Service had an insecure default behavior that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”.

Affected Services

N/A

Remediation

Remove these permissions - this can be done via an organization policy.

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Dec 21st, 2021
Exploitablity Period
Sept 2017 - Dec 2021
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Shir Tamari, Wiz