Critical Vulnerability Exposed Azure Cosmos DBs for Months

Source
Advertisement


A fully managed NoSQL database, Cosmos DB was launched in 2017, for use with web and mobile applications, but also supports modeling social interactions and integration with third-party services.

Earlier this month, researchers with the cloud security firm Wiz discovered a vulnerability in the Azure cloud platform that could allow a remote attacker to take over Cosmos DB instances without authorization, with full administrative rights, meaning they could read, write, or delete databases.

Advertisement