Azure Cosmos DB Jupyter Notebook Feature vulnerability

Advisory No: TZCERT/SA/2021/08/31

Date of First Release: 31st August 2021

Source: Microsoft

Software Affected: 

  • Azure Cosmos DB 

Overview:

The vulnerability exists in the Azure Cosmos DB Jupyter Notebook feature. The exploitation of this vulnerability could allow a user to gain access to another customer’s resources by using the account’s primary read-write key.

Description:

The vulnerability is caused by a series of flaws in a Cosmos DB feature that together create a loophole allowing any user to download, delete or manipulate a massive collection of commercial databases, and to gain read-write access to the underlying architecture of Cosmos DB.

Impact:

Successful exploitation of this vulnerability may allow an attacker to take control of the affected system.

Solution:

Microsoft has fixed the flaw and issued a workaround that requires customers to regenerate their primary read-write keys. Users and administrators are advised to follow the steps described in this technical documentation.  
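
One way to carry out and verify the key regeneration with the Azure CLI, as an added example that is not part of the original advisory or Microsoft's documentation. The account and resource group names are placeholders supplied by the caller, and the script assumes `az` is logged in and `sha256sum` is available.

```shell
#!/usr/bin/env bash
# Added example: regenerate the primary read-write key of one Cosmos DB
# account and confirm that the key really changed.
# Regeneration invalidates the old primary key at once, so applications
# should already be using the secondary key (operational assumption).

# Print a short SHA-256 fingerprint of the current primary key, so the key
# itself never lands in logs or terminal scrollback.
primary_key_fingerprint() {
    local key
    key="$(az cosmosdb keys list --name "$1" --resource-group "$2" \
        --type keys --query primaryMasterKey --output tsv)" || return 1
    [ -n "$key" ] || return 1
    printf '%s' "$key" | sha256sum | cut -c1-16
}

# Regenerate the primary key and compare fingerprints before and after.
rotate_primary_key() {
    local account="$1" group="$2" before after
    if [ -z "$account" ] || [ -z "$group" ]; then
        echo "usage: rotate_primary_key ACCOUNT RESOURCE_GROUP" >&2
        return 2
    fi
    before="$(primary_key_fingerprint "$account" "$group")" || return 1
    az cosmosdb keys regenerate --name "$account" --resource-group "$group" \
        --key-kind primary >/dev/null || return 1
    after="$(primary_key_fingerprint "$account" "$group")" || return 1
    if [ "$before" = "$after" ]; then
        echo "primary key of $account is unchanged after regeneration" >&2
        return 1
    fi
    echo "rotated $account: $before -> $after"
}

# Usage (placeholder names):
#   rotate_primary_key my-cosmos-account my-resource-group
```

The same function can be run with `--key-kind secondary` swapped in once applications have moved back to the new primary key.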

References:

  1. https://msrc-blog.microsoft.com/2021/08/27/update-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature/
  2. https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases
