Researchers from Ermetic have detailed their findings of a cross-site request forgery vulnerability affecting Azure cloud services. The flaw, dubbed EmojiDeploy, can be exploited to achieve remote code execution. The vulnerabilities are due to a series of misconfigurations and bypasses in the Kudu back-end source control management tool. Microsoft was alerted to the issues in October 2022 and addressed them in early December. Ref https://www.scmagazine.com/analysis/application-security/cross-site-forgery-bug-would-facilitate-remote-code-execution-in-microsoft-azure-services

Ermetic Researchers Find Cross-site Request Forgery Flaw in Azure Cloud Services
- Post author:System
- Post published:21 January 2023
- Post category:Blog & News
You Might Also Like

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
