Get in Touch
CosmosDB Data Exposure (ChaosDB)
CosmosDB is Azure’s cloud-native NoSQL database.
Since February 2021, newly created databases have had a preview feature automatically enabled to let customers use Jupyter notebooks to make direct use of their data.
This feature had a security flaw that allowed privilege escalation into other customer notebooks.
In the months where this feature was live, an attacker could exploit a misconfiguration in the Jupyter feature to gain access to other customers’ credentials. This would allow them full permissions to read and write to the database.
According to the researchers who discovered the flaw:
“Every Cosmos DB account that uses the notebook feature or that was created after February 2021 is potentially exposed.”
Containment, Mitigations & Remediations
Microsoft has disabled the vulnerable Jupyter feature until it can be redesigned.
Notifications have gone out to affected users.
Microsoft says there is no evidence of this being exploited by anyone but the researchers but as a precaution, they are asking customers with the feature to regenerate their primary keys.
– T1190 – Exploit Public-Facing Application
– T1530 – Data from Cloud Storage Object
ChaosDB: How we hacked thousands of Azure customers’ databases