Improper Access Control
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Cosmos DB account is not configured to restrict access, allowing connections from any network. Missing settings like public network access restrictions or virtual network/IP filtering make the database accessible from the public internet.
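One way to check an ARM template for this condition, as an added example (not the scanner's own rule logic). Property names follow the `Microsoft.DocumentDB/databaseAccounts` ARM schema; the sample template, account names and function names are constructed for illustration.

```python
import json

COSMOS_TYPE = "Microsoft.DocumentDB/databaseAccounts"

# Constructed sample ARM template resources (not taken from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "open-account",
     "properties": {"databaseAccountOfferType": "Standard"}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "rules-without-flag",
     "properties": {"publicNetworkAccess": "Enabled",
                    "isVirtualNetworkFilterEnabled": false,
                    "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "ip-filtered",
     "properties": {"ipRules": [{"ipAddressOrRange": "203.0.113.10"}]}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "vnet-filtered",
     "properties": {"isVirtualNetworkFilterEnabled": true,
                    "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]}},
    {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "private-only",
     "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "ignored", "properties": {}}
  ]
}
""")


def network_restriction(account):
    """Return the restriction in force, or None if reachable from any network."""
    props = account.get("properties") or {}
    # publicNetworkAccess defaults to "Enabled" when the property is omitted.
    if str(props.get("publicNetworkAccess", "Enabled")).lower() == "disabled":
        return "public network access disabled"
    if props.get("ipRules"):
        return "IP filtering"
    # Conservative choice in this example: VNet rules count only with the flag on.
    if props.get("isVirtualNetworkFilterEnabled") is True and props.get("virtualNetworkRules"):
        return "virtual network filtering"
    return None


def unrestricted_accounts(template):
    """Names of Cosmos DB accounts in the template with no network restriction."""
    return [res.get("name", "<unnamed>")
            for res in template.get("resources", [])
            if res.get("type", "").lower() == COSMOS_TYPE.lower()
            and network_restriction(res) is None]
```

Running `unrestricted_accounts` over the sample flags the account with no network settings and the one whose virtual network rules are defined but not enabled.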
Impact
If exploited, attackers could connect to the Cosmos DB instance from anywhere, potentially leading to unauthorized access, data breaches, or manipulation of sensitive information. This exposure increases the risk of data theft or service disruption.