Cross-site forgery bug would facilitate remote code execution in Microsoft Azure services

The bug, reported to Microsoft on Oct. 26 and remediated Dec. 6, is the result of manipulating a series of misconfigurations and security bypasses in Kudu, a back-end source control management (SCM) tool that helps manage and modify web applications and is used by major Microsoft cloud services like Azure Functions, Azure App Service and Azure Logic Apps.

app applications application security apps app service azure back bug cloud cloud security cloud services code code execution control cross-site dec end forgery functions logic major manage management microsoft microsoft azure microsoft azure services microsoft cloud misconfigurations remote code remote code execution result scm security series service services tool vulnerability management web web applications