Critical Vulnerability Exposed Azure Cosmos DBs for Months


Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances.

A fully managed NoSQL database, Cosmos DB was launched in 2017, for use with web and mobile applications, but also supports modeling social interactions and integration with third-party services.

Earlier this month, researchers with the cloud security firm Wiz discovered a vulnerability in the Azure cloud platform that could allow a remote attacker to take over Cosmos DB instances without authorization, with full administrative rights, meaning they could read, write, or delete databases.

Read more…