Ermetic Researchers Find Cross-site Request Forgery Flaw in Azure Cloud Services
Researchers from Ermetic have detailed their findings of a cross-site request forgery (CSRF) vulnerability affecting Azure cloud services. The flaw, dubbed EmojiDeploy, can be exploited to achieve remote code execution. The vulnerabilities are due to a series of misconfigurations and bypasses in the Kudu back-end source control management tool. Microsoft was alerted to the issues …
