CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

January 19, 2023

A web-based Git repository manager, Kudu is the engine behind several Azure App Service features, supporting the deployment and management of code in Azure. The service is used by Functions, App Service, Logic Apps, and other Azure services.

Administrators can manage Azure applications from the SCM panel, which is built on Kudu and requires Azure Active Directory (AAD) authentication. The SCM panel is deployed by default by the App Service, Function Apps, and Logic Apps Azure services.

Read More on Security Week