A new EmojiDeploy attack has been found in an Azure service


Threat Level
Attack Report


Summary

The EmojiDeploy attack chain allows a threat actor to run arbitrary code, steal or delete sensitive data, and compromise a targeted application on Azure. It exploits a remote code execution vulnerability through cross-site request forgery (CSRF) on the SCM service Kudu. The attack relies on a misconfigured cookie setting for the Source Code Manager (SCM) service on Azure, which sets two controls to the default “Lax”.
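
Why a “Lax” cookie setting still leaves room for CSRF, shown as an added example that is not from the advisory or from Azure. It assumes “Lax” refers to the cookie SameSite attribute, models the standard browser rule for when a cookie accompanies a cross-site request, and audits constructed Set-Cookie headers whose cookie names are placeholders, not Kudu's.

```python
# Added example: models when a browser attaches a cookie to a cross-site request.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

# Cross-site request contexts: (HTTP method, is top-level navigation)
CONTEXTS = {
    "top-level GET navigation": ("GET", True),
    "top-level form POST": ("POST", True),
    "subresource GET (img, iframe, fetch)": ("GET", False),
}

# Constructed sample headers; cookie names are placeholders.
SAMPLE_HEADERS = [
    "session_a=x; Path=/; Secure; HttpOnly; SameSite=Lax",
    "session_b=y; Path=/; Secure; HttpOnly; SameSite=Strict",
    "session_c=z; Path=/; Secure; SameSite=None",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def sent_cross_site(samesite, method, top_level):
    """Return True if the cookie accompanies this cross-site request."""
    mode = (samesite or "lax").lower()  # assumption: unset is treated as Lax
    if mode == "strict":
        return False
    if mode == "none":
        return True
    # Lax: only top-level navigations that use a safe method carry the cookie.
    return top_level and method.upper() in SAFE_METHODS


def audit(headers):
    """Map each cookie name to the cross-site contexts in which it is sent."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        report[name] = [ctx for ctx, (method, top) in CONTEXTS.items()
                        if sent_cross_site(attrs.get("samesite"), method, top)]
    return report


if __name__ == "__main__":
    for cookie, contexts in audit(SAMPLE_HEADERS).items():
        print(cookie, "->", contexts or "never sent cross-site")
```

Under Lax, any state-changing endpoint reachable by a top-level GET still receives the session cookie from another site; SameSite=Strict or a per-request anti-CSRF token closes that case.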