Cosmos DB account ACL bypass for trusted services is enabled Affecting CosmosDB (DocumentDB) service in Azure

Snyk CCSS

Data / Databases

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM

Snyk ID SNYK-CC-00523
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Azure services will be able to connect to the database without an explicit allow ACL.

How to fix?

Set properties.networkAclBypass to None.

Terraform

azurerm_cosmosdb_account

References

Configure Azure Private Link for Azure Cosmos DB analytical store