Microsoft Patches Azure Cosmos DB Flaw Leading to Remote Code Execution


Orca Security warns that a missing authentication check in Azure Cosmos DB may have allowed an attacker to remotely execute arbitrary code. Azure Cosmos DB is a NoSQL database used in order-processing pipelines for event sourcing and on e-commerce platforms to store catalogue data.

The security flaw was discovered in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that enables developers to share documents, live code, visualisations, and more. Jupyter notebooks that are integrated with Azure Cosmos DB may include secrets and private keys.
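
Because notebooks can hold secrets and private keys, a defender may want to check notebook files before they are shared or stored. The following is an added example, not code from the article, Orca Security or Microsoft: it walks the notebook JSON (nbformat 4) and flags cells whose source or saved output contains a Cosmos DB `AccountKey=` connection-string value or a PEM private-key header. The function names, the two patterns and the sample notebook are assumptions constructed for illustration.

```python
import json
import re

PATTERNS = {
    # Cosmos DB connection strings carry the account key as a base64 value.
    "cosmos_account_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{40,}={0,2}"),
    # PEM header of any private key type (RSA, EC, OPENSSH, PKCS#8).
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
}

def _as_text(value):
    """nbformat stores text either as one string or as a list of lines."""
    return "".join(value) if isinstance(value, list) else str(value or "")

def _cell_texts(cell):
    """Yield (location, text) for a cell's source and each textual output."""
    yield "source", _as_text(cell.get("source"))
    for out in cell.get("outputs", []):
        if "text" in out:  # stream output (stdout/stderr)
            yield "output", _as_text(out["text"])
        for mime, data in out.get("data", {}).items():  # rich output
            if mime.startswith("text/"):
                yield "output", _as_text(data)

def scan_notebook(nb_json):
    """Return sorted (cell_index, location, finding); matched values are never returned."""
    findings = set()
    for idx, cell in enumerate(json.loads(nb_json).get("cells", [])):
        for location, text in _cell_texts(cell):
            for name, pattern in PATTERNS.items():
                if pattern.search(text):
                    findings.add((idx, location, name))
    return sorted(findings)

# Constructed sample notebook (nbformat 4); the key is a made-up placeholder.
FAKE_KEY = "A" * 86 + "=="
SAMPLE = json.dumps({"nbformat": 4, "nbformat_minor": 5, "metadata": {}, "cells": [
    {"cell_type": "markdown", "source": ["# Catalogue import"]},
    {"cell_type": "code",
     "source": ["conn = 'AccountEndpoint=https://example.invalid:443/;",
                "AccountKey=" + FAKE_KEY + ";'\n", "print(conn)"],
     "outputs": [{"output_type": "stream", "text": ["AccountKey=" + FAKE_KEY + ";\n"]}]},
    {"cell_type": "code", "source": "open('id_rsa').read()",
     "outputs": [{"output_type": "execute_result", "data": {
         "text/plain": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)"}}]},
]})

if __name__ == "__main__":
    print(scan_notebook(SAMPLE))
```

Saved cell outputs are scanned as well as source, since a key printed during a session stays in the file even after the code that printed it is edited.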