SYM_CONF_0056
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Cosmos DB account configuration allows access key write operations by not explicitly disabling 'access_key_metadata_writes_enabled'. This increases the risk of unauthorized key changes or exposure.
Impact
If exploited, attackers could modify or rotate database access keys, potentially gaining unauthorized access or disrupting services. This can lead to data breaches, loss of control over database access, and compromise of sensitive information.
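
A Terraform configuration that leaves the setting at its default next to the corrected form, as an added example that is not part of the original rule page. It assumes the `azurerm` provider's `azurerm_cosmosdb_account` resource, where `access_key_metadata_writes_enabled` defaults to `true` when omitted; every resource name and location is a constructed placeholder.

```hcl
# Constructed example: names and location are placeholders.
resource "azurerm_resource_group" "example" {
  name     = "rg-cosmos-example"
  location = "westeurope"
}

# Flagged: access_key_metadata_writes_enabled is not set, so the provider
# default (true) applies and account keys can still be used for metadata
# writes (databases, containers, throughput).
resource "azurerm_cosmosdb_account" "flagged" {
  name                = "cosmos-example-flagged"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = azurerm_resource_group.example.location
    failover_priority = 0
  }
}

# Corrected: the setting is explicitly disabled, so metadata changes have to
# go through Azure Resource Manager, where role assignments apply.
resource "azurerm_cosmosdb_account" "hardened" {
  name                = "cosmos-example-hardened"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"

  access_key_metadata_writes_enabled = false

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = azurerm_resource_group.example.location
    failover_priority = 0
  }
}
```

Applications that create databases or containers through an SDK using account keys will fail those calls once the setting is `false`, so move that provisioning into Terraform or another Resource Manager deployment before rolling the change out.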