A new EmojiDeploy attack has been found in an Azure service
Attack Report
Summary
The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure by exploiting a remote code execution vulnerability through cross-site request forgery (CSRF) on Kudu, the Source Code Manager (SCM) service. The attack relies on a misconfigured cookie setting for the SCM service on Azure, which sets two controls to the default “Lax.”
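The following audit sketch is an added example, not part of the advisory or of any Azure code: it models the standard SameSite rules to show which session cookies a browser would still attach to a cross-site request when the policy is "Lax". The cookie names and values are constructed, and a missing SameSite attribute is assumed to be treated as Lax.

```python
# Added example: audit Set-Cookie headers for SameSite policies that still
# let a cookie ride along on a cross-site top-level navigation (CSRF exposure).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # "safe" HTTP methods

def parse_set_cookie(header):
    """Return (cookie_name, attrs); attrs maps lowercase attribute names to values."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def effective_samesite(attrs):
    """Assumption: a missing or unrecognized SameSite value is enforced as Lax."""
    value = attrs.get("samesite", "").lower()
    return value if value in ("strict", "lax", "none") else "lax"

def sent_cross_site(policy, method, top_level_navigation):
    """Would the browser attach the cookie to this cross-site request?"""
    if policy == "strict":
        return False
    if policy == "none":
        return True
    # Lax: only top-level navigations that use a safe method carry the cookie.
    return top_level_navigation and method.upper() in SAFE_METHODS

def audit(headers):
    """List (name, policy) for cookies sent on a cross-site top-level GET."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        policy = effective_samesite(attrs)
        if sent_cross_site(policy, "GET", True):
            findings.append((name, policy))
    return findings

# Constructed sample headers; the cookie names are hypothetical.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "scm_auth=def456; Path=/; Secure; HttpOnly",
    "admin=ghi789; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie_name, cookie_policy in audit(SAMPLE_HEADERS):
        print(f"{cookie_name}: SameSite={cookie_policy} is sent on cross-site GET navigation")
```

Any cookie the audit reports needs either SameSite=Strict or server-side CSRF defenses such as strict Origin validation on every state-changing endpoint.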