Researchers from Ermetic have detailed their findings of a cross-site request forgery vulnerability affecting Azure cloud services. The flaw, dubbed EmojiDeploy, can be exploited to achieve remote code execution. The vulnerabilities are due to a series of misconfigurations and bypasses in the Kudu back-end source control management tool. Microsoft was alerted to the issues in October 2022 and addressed them in early December. Ref https://www.scmagazine.com/analysis/application-security/cross-site-forgery-bug-would-facilitate-remote-code-execution-in-microsoft-azure-services
Ermetic Researchers Find Cross-site Request Forgery Flaw in Azure Cloud Services
You Might Also Like
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
