Azure App Service Linux source repository exposure

  • Thread starter Thread starter MSRC
  • Start date Start date
M

MSRC

MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public.

Continue reading...
 
Back
Top