Hoʻomaopopo ka loea palekana ʻo Wiz i kahi nāwaliwali i ka lawelawe ʻo Azure App Service o Microsoft. Hōʻike ka nāwaliwali i nā haneli o nā waihona kumu kumu. Ua hoʻopaʻa ʻo Microsoft i ka leak.
Ua ʻike ʻo Wiz i ka mea i kapa ʻia ʻo NotLegit vulnerability ma Azure App Service. ʻO ka lawelawe, i kapa ʻia ʻo Azure Web Apps, he kahua no ka hoʻokipa ʻana i nā pūnaewele a me nā noi pūnaewele. Hiki ke hoʻouka ʻia nā kumu kumu a me nā mea kiʻi i ka Azure App Service me ka hoʻohana ʻana i ka hāmeʻa Local Git. Hiki i nā mea hoʻohana ke hoʻonohonoho i kahi waihona ʻo Local Git me ka pahu Azure App Service a paʻi pololei i ke code i ke kikowaena.
Wahi a ka poʻe noiʻi, ʻo kēia kahi e waiho ai ka nāwaliwali. I ka hoʻohana ʻana i ka Local Git e ʻōwili i ke code i ka Azure App Service, ua hoʻonohonoho ʻia ka waihona git me kahi papa kuhikuhi hiki i ka lehulehu ke komo.
Hoʻopili ʻia kekahi mau ʻōlelo code
Maikaʻi nā kumu kumu i kākau ʻia ma PHP, Python, Ruby a i ʻole Node. He hapa kēia no ka hoʻohana pinepine ʻana o kēia mau ʻōlelo code i nā kikowaena pūnaewele e like me Apache, Nginx a me Flask. ʻAʻole hiki i kēia mau kikowaena pūnaewele ke mālama i nā faila web.config. ʻAe kēia i ke komo ʻana o ka lehulehu i nā waihona waihona kumu.
ʻIke ʻia e Microsoft
Ua hōʻike mua nā loea palekana ma Wiz iā Microsoft i ka nāwaliwali i ka hoʻomaka ʻana o ʻOkakopa i kēia makahiki. Ua pani ʻo Microsoft iā ia. I kēlā me kēia hihia, koi ka poʻe loea i nā mea hoʻohana e nānā inā ua hōʻike ʻia kā lākou kumu kumu a hana i nā hana no kā lākou noi.