New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks
The Hacker News coverage of the Ermetic discovery of a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.
The Hacker News recently published an article covering the Ermetic discovery of a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. The vulnerability could be exploited by a malicious actor to completely take control of a targeted application.
The article goes on to describe how ,in a hypothetical attack chain "an adversary could exploit the CSRF vulnerability in the Kudu SCM panel to defeat safeguards put in place to thwart cross-origin attacks by issuing a specially crafted request to the /api/zipdeploy endpoint to deliver a malicious archive (e.g., web shell) and gain remote access."