Cosmos DB Vulnerability in Microsoft Azure cloud

Issued: Monday, 30 August, 2021
Last Revision: Monday, 30 August, 2021
Vendor: 
Product: 
Severity Level: 
Summary: 

A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers. The vulnerability was introduced in 2019 when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. The feature was turned on by default for all Cosmos DBs in February 2021.

The flaw was found in the Jupyter Notebook visualization tool, which has been available for years and has been enabled by default in Cosmos DB since February.

Recommendation: 
Entities using Azure Cosmos DB are advised to apply the fix distributed by Microsoft for this vulnerability and to regenerate the primary key for their database.
 
Entities may contact their Cloud service provider for further assistance on this issue.
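
The primary key regeneration recommended above can be scripted with the Azure CLI across every Cosmos DB account in a subscription. This is an added example, not part of the original advisory or of Microsoft's own guidance; the function names and the `APPLY` switch are assumptions, and it only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: regenerate the primary key of each Cosmos DB account in the
# current Azure subscription. Dry run by default; APPLY=1 performs the change.
# Assumes the Azure CLI ("az") is installed and logged in when APPLY=1.
# Clients still using the old primary key stop authenticating once it is
# regenerated, so move them to the secondary key before applying.

TAB=$(printf '\t')

# Print one "account<TAB>resource-group" line per Cosmos DB account.
list_accounts() {
  az cosmosdb list --query '[].[name, resourceGroup]' --output tsv
}

# Read "account<TAB>resource-group" lines on stdin and rotate each primary key.
rotate_primary_keys() {
  while IFS="$TAB" read -r acct rg; do
    # Skip blank or malformed lines instead of calling az with empty values.
    [ -n "$acct" ] && [ -n "$rg" ] || continue
    if [ "${APPLY:-0}" = 1 ]; then
      # </dev/null keeps az from consuming the rest of the account list.
      az cosmosdb keys regenerate --name "$acct" --resource-group "$rg" \
        --key-kind primary </dev/null \
        || { echo "FAILED: $acct ($rg)" >&2; continue; }
      echo "rotated primary key: $acct ($rg)"
    else
      echo "az cosmosdb keys regenerate --name '$acct' --resource-group '$rg' --key-kind primary"
    fi
  done
}

# Usage:
#   list_accounts | rotate_primary_keys            # print the plan
#   list_accounts | APPLY=1 rotate_primary_keys    # regenerate the keys
```
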