Skip to Content

Microsoft Fixes Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Updated on 2022-11-02: Microsoft Fixes Vulnerability in Jupyter Notebooks for Azure Cosmos DB

Microsoft has fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB. Microsoft says that the missing authentication checks issue was introduced in August. Researchers from Orca reported the flaw to Microsoft in early October; Microsoft fixed the issue two days later.

Note

  • While the flaw was specific to Jupyter Notebooks for Azure Cosmos DB (99.8% of Azure Cosmos DB users are not in this category), and exploiting the flaw required guessing the 128-bit random GUID of an active session, aka “forwardingID” – which had to be used within an hour, Microsoft still patched the flaw by adding increased authentication checks. Since this is a server-side fix, no user action is necessary. Exploiting the flaw allowed full access to the Notebook.

Read more in

Overview: CosMiss vulnerability

Microsoft rolled out fixes for an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB, reported by Orca Security. The company calls the vulnerability CosMiss. Microsoft said no customers were impacted by this vulnerability, and no action is required from them to apply the patch. Read more:

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.