Azure Cosmos DB remote takeover bug affects thousands of organisations

Security researchers have identified a long-standing vulnerability in Azure Cosmos DB, Microsoft's fully managed NoSQL database, that enables attackers to remotely take over the data store with a trivial exploit.

Named ChaosDB, the vulnerability gives any Azure user full administrative access to other customers' Cosmos DB instances, security vendor Wiz Research Team said.

This includes the ability to read, write and delete data in the NoSQL data store, with no authorisation needed.

Wiz said the vulnerability affects hundreds of organisations, including many large Fortune 500 companies.

The vulnerability stems from the Jupyter Notebook web application that developers can use for a range of tasks such as data visualisation, live code documents and statistical modelling.

Jupyter Notebooks are a feature of Cosmos DB, and a threat actor can exploit a chain of vulnerabilities to obtain credentials to the NoSQL database system.

No prior access to victim environments is needed, and Wiz said the chain of vulnerabilities is trivial to exploit.

Microsoft has acknowledged the vulnerability and disabled the feature within 48 hours of Wiz reporting it.

Wiz said the vulnerability has been exploitable for months, and that every Cosmos DB customer should assume they have been compromised.

Microsoft has notified around a third of Cosmos DB customers about the security breach, advising them to regenerate their primary keys to mitigate the vulnerability.
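The key regeneration Microsoft advised, scripted with the Azure CLI, as an added example that is not from the article, Wiz or Microsoft. It assumes `az` is installed and logged in, and it goes beyond the advice in one respect: it rotates the secondary keys as well, and rotates them first, so clients can be moved onto fresh secondary keys before the primary keys change. The `AZ` variable is an assumed override that lets the script be dry-run with a stub.

```shell
# Assumption: Azure CLI is logged in; set AZ=echo for a dry run.
AZ="${AZ:-az}"

# Regenerate all four keys of one Cosmos DB account. Secondary keys go
# first so clients can be switched to them before the primaries rotate;
# a leaked primary key is invalid once its regenerate call returns.
rotate_cosmos_keys() {
  account="$1"
  rg="$2"
  for kind in secondary secondaryReadonly primary primaryReadonly; do
    "$AZ" cosmosdb keys regenerate \
      --name "$account" --resource-group "$rg" \
      --key-kind "$kind" --output none || return 1
  done
}

# Print "name<TAB>resourceGroup" for every Cosmos DB account visible
# in the current subscription, for feeding into rotate_cosmos_keys.
list_cosmos_accounts() {
  "$AZ" cosmosdb list \
    --query "[].[name, resourceGroup]" --output tsv
}

# Rotate every account in the subscription; returns non-zero if any fails.
rotate_all_cosmos_keys() {
  status=0
  list_cosmos_accounts | while IFS="$(printf '\t')" read -r name rg; do
    rotate_cosmos_keys "$name" "$rg" || { echo "failed: $name" >&2; status=1; }
  done
  return $status
}
```

Run `rotate_all_cosmos_keys` after the subscription's clients have been prepared to pick up new keys, and check `az cosmosdb keys list` afterwards to confirm the old values are gone.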

There is no indication at this stage that the ChaosDB vulnerability has been exploited, Microsoft advised.