Isevisi ye-NotLegit Vulnerability Azure App Yenza Ikhodi Yomthombo Isesidlangalaleni

Uchwepheshe wezokuphepha u-Wiz uxwayisa ngobungozi ku-Microsoft's Azure App Service. Ukuba sengozini kuveza amakhulukhulu amaqoqo ekhodi yomthombo. IMicrosoft isikhiphe ukuvuza.

U-Wiz uthole lokho okubizwa nge-NotLegit sengozini ku-Azure App Service. Le nkonzo, eyaziwa nangokuthi i-Azure Web Apps, iyinkundla yokubamba amawebhusayithi nezinhlelo zokusebenza ezisekelwe kuwebhu. Ikhodi yomthombo nama-artifact angalayishwa ku-Azure App Service kusetshenziswa ithuluzi le-Local Git. Abasebenzisi bangakwazi ukumisa ikhosombe le-Local Git ngesiqukathi sesevisi ye-Azure App futhi baphushele ikhodi ngqo kuseva.

Ngokwabacwaningi, yilapho kanye kulele khona ukuba sengozini. Lapho usebenzisa i-Local Git ukukhipha ikhodi ku-Azure App Service, inqolobane ye-git yamiswa ngohlu lwemibhalo olufinyeleleka esidlangalaleni wonke umuntu angalufinyelela.

Izilimi zekhodi ezimbalwa zithintekile

Ikakhulukazi ikhodi yomthombo ebhalwe nge-PHP, i-Python, i-Ruby noma i-Node isengozini. Lokhu kungenxa yokuthi lezi zilimi zekhodi zivame ukusebenzisa amaseva ewebhu njenge-Apache, Nginx kanye neFlask. Lezi ziphakeli zewebhu azikwazi ukuphatha amafayela we-web.config. Lokhu kuvumela ukufinyelela komphakathi kumakhosombe amakhodi omthombo.

Kwaziwa yiMicrosoft

Ochwepheshe bezokuphepha e-Wiz sebevele bazisile i-Microsoft ngobungozi ekuqaleni kuka-Okthoba kulo nyaka. IMicrosoft isiyivalile. Kunoma yikuphi, ochwepheshe banxusa abasebenzisi ukuthi bahlole ukuthi ikhodi yabo yomthombo iyembuliwe yini futhi bathathe isinyathelo ngezicelo zabo.