Home Security Researchers Disclose Particulars of Crucial ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

Researchers Disclose Particulars of Crucial ‘CosMiss’ RCE Flaw Affecting Azure Cosmos DB

by crpt os


Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access.

The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss.

“In short, if an attacker had knowledge of a Notebook’s ‘forwardingId,’ which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook,” researchers Lidor Ben Shitrit and Roee Sagi said.

This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the Cosmos DB Explorer to spawn a reverse shell.

CyberSecurity

Successful exploitation of the flaw, however, requires that the adversary is in possession of the unique 128-bit forwardingId and that it’s put to use within a one-hour window, after which the temporary Notebook is automatically deleted.

“The vulnerability, even with knowledge of the forwardingId, did not give the ability to execute notebooks, automatically save notebooks in the victim’s (optional) connected GitHub repository, or access to data in the Azure Cosmos DB account,” Redmond said.

Microsoft noted in its own advisory that it identified no evidence of malicious activity, adding no action is required from customers. It also described the issue as “difficult to exploit” owing to the randomness of the 128 bit forwadingID and its limited lifespan.

“Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability,” it further said.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex