Date: 2022-11

Researchers at the Microsoft Security Response Center (MSRC) and Orca Security this week disclosed a critical vulnerability in Microsoft Azure Cosmos DB that affects its Cosmos DB Jupyter Notebook functionality. The remote code execution (RCE) bug demonstrates how weaknesses in the authentication architecture of cloud-native and machine-learning-friendly environments can be exploited by attackers.

Dubbed CosMiss by the Orca research team, the vulnerability boils down to a misconfiguration in how authorization headers are handled. This allows unauthenticated users to gain read and write access to Azure Cosmos DB notebooks and inject and overwrite code.

“In short, if an attacker knew the Notebook’s ‘forwardingId’, which is the UUID of the Notebook workspace, they would have full access to the notebook (including read and write access and the ability to modify the file system). It’s the container running the notebook,” Orca’s Lidor Ben Shitrit and Roee Sagi wrote in their technical brief of the vulnerability. “I was able to get RCE on a notebook container by modifying the container file system aka workspace dedicated to temporary notebook hosting.”
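The failure class described above, sketched as an added example that is not taken from Orca's brief or from Microsoft's code: it assumes the flaw amounted to a request without an Authorization header being accepted, and contrasts that fail-open check with one that fails closed. The function names, the bearer-token scheme and the sample workspace are hypothetical.

```python
import hmac
import uuid

# Constructed sample data: one notebook workspace and its owner's session token.
WORKSPACES = {"11111111-2222-4333-8444-555555555555": "owner-session-token"}


def _bearer(headers):
    """Return the bearer token from the Authorization header, or None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return token if scheme.lower() == "bearer" and token else None


def authorize_flawed(forwarding_id, headers):
    """Fail-open pattern (assumed): the token is only checked when one is sent."""
    expected = WORKSPACES.get(forwarding_id)
    if expected is None:
        return False
    token = _bearer(headers)
    if token is None:
        # No usable header: the request falls through as if it were authorized,
        # so knowing the workspace UUID is enough to get access.
        return True
    return hmac.compare_digest(token.encode(), expected.encode())


def authorize_hardened(forwarding_id, headers):
    """Fail-closed: the forwardingId only selects the workspace, it is never a credential."""
    try:
        key = str(uuid.UUID(forwarding_id))  # reject anything that is not a UUID
    except (ValueError, AttributeError, TypeError):
        return False
    expected = WORKSPACES.get(key)
    token = _bearer(headers)
    if expected is None or token is None:
        return False  # missing or malformed header is a denial, not a pass
    return hmac.compare_digest(token.encode(), expected.encode())


if __name__ == "__main__":
    wid = "11111111-2222-4333-8444-555555555555"
    for name, check in (("flawed", authorize_flawed), ("hardened", authorize_hardened)):
        print(name, "no header ->", check(wid, {}))
```
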

A distributed NoSQL database, Azure Cosmos DB is designed to support scalable, high-performance apps with high availability and low latency. Its uses include IoT device telemetry and analytics; real-time retail services that run product catalogs, AI-driven personalized recommendations, and more; and globally distributed applications such as streaming services and pickup and delivery services.

Jupyter Notebook, on the other hand, is an open-source interactive development environment (IDE) used by developers, data scientists, engineers, and business analysts to do everything from data exploration and data cleaning to statistical modeling, data visualization, and machine learning. It’s a powerful environment built for creating, running, and sharing documents with live code, math, visualizations, and explanatory text.

Orca researchers say this feature makes authentication flaws within Cosmos DB Notebooks particularly dangerous. This is because “they are used by developers to write code and often contain sensitive information such as secrets and private keys embedded in the code.”

The flaw was introduced in late summer, discovered by Orca in early October, disclosed to Microsoft, and fixed within two days. Due to the distributed architecture of Cosmos DB, no customer action was required to roll out this update.

