Orca Security cautions that an attacker may have been able to remotely execute arbitrary code in Azure Cosmos DB because of a missing authentication check vulnerability.
A NoSQL database called Azure Cosmos DB is used in order processing pipelines for event sourcing and on e-commerce platforms to store catalog data. The open-source interactive developer environment (IDE) Azure Cosmos DB Jupyter notebooks, which enables developers to share documents, live code, visualizations, and more, was where the security flaw was discovered. Jupyter notebooks that are integrated with Azure Cosmos DB may include secrets and private keys.
Also Read: Effective Collaboration Between IT and HR is Critical to Better Cybersecurity
The CosMiss flaw could have permitted unauthorized access to the notebook if the attacker knew the notebook workspace UUID, also called the “forwardingId.” According to Orca, the attacker would have had the ability to change the container’s file system and execute code from a distance.
Read More: Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
