"Researchers: 'CosMiss' Vulnerability Affecting Microsoft Azure Cosmos DB Could Give Attacker RCE Privileges"

Researchers at Orca Security discovered a critical vulnerability in Azure Cosmos DB, a Microsoft-owned NoSQL database used for application development, in which authentication checks were missing from Cosmos DB Notebooks. According to the researchers, the "CosMiss" vulnerability would have allowed an attacker who knew a notebook's forwardingID, the universally unique identifier of the Notebook Workspace, to obtain full permissions on the notebook without authenticating. This included read and write access and the ability to modify the file system of the notebook's container. By modifying the container file system, the researchers obtained Remote Code Execution (RCE) in the notebook container. Orca reported the flaw to the Microsoft Security Response Center (MSRC), which fixed the critical issue in two days. According to Avi Shua, co-founder and CEO of Orca Security, the lack of authentication checks in Cosmos DB Jupyter Notebooks was especially risky because developers use Cosmos DB Notebooks to write code, and that code often contains highly sensitive information such as secrets and private keys. This article continues to discuss the CosMiss vulnerability affecting Microsoft Azure Cosmos DB.
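The class of flaw described above, an identifier (the forwardingID) being treated as if it were a credential, is easier to see in code. The following is an added illustration written for this summary, not Orca's findings or Microsoft's service code; the internals of Cosmos DB Notebooks are not public, so the request shape, the HMAC token and the workspace registry are assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

TOKEN_KEY = b"constructed-demo-signing-key"  # placeholder, not a real key

# Constructed sample data: one Notebook Workspace keyed by its forwardingID (a UUID).
WORKSPACES = {
    "3f9d2a10-8c4e-4b71-9e2f-5a6b7c8d9e0f": {"owner": "alice@example.com"},
}


@dataclass
class Request:
    forwarding_id: str                 # workspace UUID supplied by the client
    principal: Optional[str] = None    # authenticated identity, if any
    token: Optional[str] = None        # proof of authentication for that identity


def issue_token(principal: str) -> str:
    """Constructed stand-in for an identity provider: HMAC over the principal."""
    return hmac.new(TOKEN_KEY, principal.encode(), hashlib.sha256).hexdigest()


def vulnerable_authorize(req: Request) -> bool:
    """The missing-check pattern: knowing a valid forwardingID is treated as authorization."""
    return req.forwarding_id in WORKSPACES


def hardened_authorize(req: Request) -> bool:
    """Authenticate the caller first, then authorize that identity against the workspace."""
    if req.principal is None or req.token is None:
        return False                                  # anonymous caller: reject
    expected = issue_token(req.principal)
    if not hmac.compare_digest(expected, req.token):  # constant-time comparison
        return False                                  # invalid or forged token
    ws = WORKSPACES.get(req.forwarding_id)
    return ws is not None and ws["owner"] == req.principal


def write_notebook(req: Request, authorize: Callable[[Request], bool]) -> str:
    """Hypothetical write endpoint; the policy function decides who may modify the notebook."""
    if not authorize(req):
        return "403 Forbidden"
    return "200 OK: write accepted"
```

Swapping `vulnerable_authorize` for `hardened_authorize` in `write_notebook` is the difference between an anonymous caller with only the UUID succeeding and being rejected.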

SC Magazine reports "Researchers: 'CosMiss' Vulnerability Affecting Microsoft Azure Cosmos DB Could Give Attacker RCE Privileges"
