April 26, 2025

Microsoft fixes critical RCE bug

November 1, 2022

Orca Security analysts discovered a critical vulnerability that affects Azure Cosmos DB, allowing unauthenticated read and write access to containers. The security issue, dubbed CosMiss, lies in the built-in Jupyter notebooks for Azure Cosmos DB, which integrate with the Azure portal and Azure Cosmos DB accounts to simplify querying, analysis, and visualization of NoSQL data and results.

Azure Cosmos DB is a fully managed NoSQL database from Microsoft that supports a wide variety of APIs for applications of all sizes. Jupyter Notebooks is an interactive web platform that allows users to access Cosmos DB data.

The problem discovered by the Orca Security researchers is that Cosmos DB Jupyter notebooks lack authentication controls: anyone who knows the notebook workspace's UUID can gain unauthorized access and even modify the container.

“If the attacker knew the ‘forwardingId’, which is the UUID of the notebook’s workspace, they would have full permissions on the notebook without authentication, including read and write access” – Orca Security

Orca researchers reported their findings to Microsoft on October 3, 2022, and the vendor fixed the critical issue within two days, on October 5, 2022.

Today, the researchers published a detailed technical description of the flaw and provided a proof-of-concept (PoC) that enables code execution. The exploit no longer works as Microsoft has already released a patch.

Source: Port Altele
