Microsoft fixes NotLegit: exposed the source code of apps written in PHP and Python in Azure App Service for Linux
The Wiz research team has discovered a security issue in Azure App Service on Linux. This exposed the source code of client applications written in PHP, Python, Ruby or Node, which were deployed using “Local Git”.
The vulnerability, dubbed “NotLegit,” has been in existence since September 2017 and has likely been exploited, according to researchers at Wiz, which reported this problem to Microsoft in October this year.
Wiz said that all PHP, Node, Ruby and Python applications that were deployed using “Local Git” in a clean app by default in Azure App Service from September 2017 are affected. Also, those that were deployed to Azure App Service since September 2017 using any Git source, after a file was created or modified in the application container, are too.
The article located at News Trace is no longer available.