The Hacker News reported on critical Cosmos database flow which can potentially affect thousands of Azure customers.
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers’ database instances without any authorization.
The flaw, which grants read, write, and delete privileges, has been dubbed “ChaosDB,” with Wiz researchers noting that “the vulnerability has a trivial exploit that doesn’t require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies.”
Read further on The Hacker News