
Azure Cosmos DB Jupyter Notebook Feature vulnerability

Advisory No: TZCERT/SA/2021/08/31

Date of First Release: 31st August 2021

Source: Microsoft

Software Affected: 

  • Azure Cosmos DB 


The vulnerability exists in the Azure Cosmos DB Jupyter Notebook feature. The exploitation of this vulnerability could allow a user to gain access to another customer’s resources by using the account’s primary read-write key.


The vulnerability is caused by a series of flaws in a Cosmos DB feature that together create a loophole allowing any user to download, delete or manipulate a massive collection of commercial databases, and to gain read-write access to the underlying architecture of Cosmos DB.


Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.


Microsoft has fixed the flaw and issued a workaround that requires customers to regenerate their primary read-write keys. Users and administrators are advised to follow the steps described in this technical documentation.  
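
The key regeneration above can be scripted with the Azure CLI and checked so that a rotation that silently did nothing is caught. This is an added example, not taken from the advisory or from Microsoft's documentation. The function names and the `AZ_CMD` override (for dry runs against a stub) are hypothetical, and it assumes applications are moved to the secondary key before the primary is regenerated.

```shell
#!/bin/sh
# Added example, not from the advisory. AZ_CMD is a hypothetical override
# that lets the sequence be exercised against a stub instead of the real az.

# Print a SHA-256 fingerprint of one account key so the secret is never logged.
# If the CLI call fails, the fingerprint is that of empty input, which the
# caller below reports as "unchanged".
key_fingerprint() {   # args: account resource-group key-field
    "${AZ_CMD:-az}" cosmosdb keys list --name "$1" --resource-group "$2" \
        --type keys --query "$3" --output tsv | sha256sum | cut -d' ' -f1
}

# Regenerate one read-write key and confirm that its value really changed.
regenerate_and_verify() {   # args: account resource-group key-kind
    account="$1"; rg="$2"; kind="$3"
    case "$kind" in
        primary)   field="primaryMasterKey" ;;
        secondary) field="secondaryMasterKey" ;;
        *) echo "key-kind must be primary or secondary" >&2; return 2 ;;
    esac
    before=$(key_fingerprint "$account" "$rg" "$field")
    "${AZ_CMD:-az}" cosmosdb keys regenerate --name "$account" \
        --resource-group "$rg" --key-kind "$kind" >/dev/null || return 1
    after=$(key_fingerprint "$account" "$rg" "$field")
    if [ "$before" = "$after" ]; then
        echo "FAILED: $kind key of $account is unchanged" >&2
        return 1
    fi
    echo "rotated $kind key of $account"
}

# Assumed order for a rotation without downtime:
#   1. regenerate_and_verify <account> <resource-group> secondary
#   2. repoint applications to the new secondary key
#   3. regenerate_and_verify <account> <resource-group> primary
```

Any copy of the old primary key stops working once step 3 succeeds.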


  1. https://msrc-blog.microsoft.com/2021/08/27/update-on-vulnerability-in-the-azure-cosmos-db-jupyter-notebook-feature/
  2. https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases
