Cosmos DB account does not restrict user access to data operations Affecting CosmosDB (DocumentDB) service in Azure

Snyk CCSS

IAM / Usage

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CSA-CCM HIPAA ISO-27001 SOC-2

Snyk ID SNYK-CC-00524
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Account key-based write access to account data exposes sensitive configuration options to non-administrative accounts.

How to fix?

Set Properties.disableKeyBasedMetadataWriteAccess to true.

ARM

databaseaccounts

Terraform

Resource: azurerm_cosmosdb_account

References

How to audit Azure Cosmos DB control plane operations