Data at risk

Cosmos DB Accounts Unrestricted Network Access

Risk Level

Informational (4)

Platform(s)

Description

Azure Cosmos DB is a fully managed NoSQL database for modern app development. The default network access for Azure Cosmos DB - {AzureCosmosDb} is not restricted. Access to your Azure Cosmos DB accounts should be limited to specific Azure Virtual Networks (VNets), which provide a secure network boundary for specific applications, or to public IP addresses or IP address ranges, which enable connections from trusted internet services and on-premises networks. Once the firewall rules are properly configured, only clients and applications from allowed networks and/or IPs can access your Cosmos DB account resources.
  • Recommended Mitigation

    It is recommended to review the Cosmos DB configuration and limit access to trusted networks and/or IP addresses.
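
One way to run this review across many accounts is sketched below. It is an added example and not part of the original rule. It assumes account records in the JSON shape printed by `az cosmosdb list -o json`; the sample accounts, their names and the subnet id are constructed placeholders.

```python
import json

# Constructed sample shaped like `az cosmosdb list -o json` output.
# Account names and the subnet id are placeholders, not real resources.
SAMPLE = json.loads("""[
 {"name": "acct-open", "publicNetworkAccess": "Enabled", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []},
 {"name": "acct-ip", "publicNetworkAccess": "Enabled",
  "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []},
 {"name": "acct-vnet", "publicNetworkAccess": "Enabled", "ipRules": [],
  "isVirtualNetworkFilterEnabled": true,
  "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]},
 {"name": "acct-private", "publicNetworkAccess": "Disabled", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "virtualNetworkRules": []}
]""")


def classify(account):
    """Return (status, detail) for one account record."""
    # Assumption: a missing or null field means the permissive default.
    public = account.get("publicNetworkAccess") or "Enabled"
    ip_rules = [r["ipAddressOrRange"] for r in account.get("ipRules") or []]
    vnet_on = bool(account.get("isVirtualNetworkFilterEnabled"))
    vnet_rules = account.get("virtualNetworkRules") or []

    if public != "Enabled":
        return "restricted", "public network access is " + public
    if not ip_rules and not vnet_on:
        return "unrestricted", "no IP rules and VNet filter disabled"
    allowed = ip_rules + [r["id"] for r in vnet_rules]
    return "restricted", "allowed: " + (", ".join(allowed) or "none")


def unrestricted_accounts(accounts):
    """Names of accounts reachable from any network."""
    return [a["name"] for a in accounts if classify(a)[0] == "unrestricted"]


if __name__ == "__main__":
    for acct in SAMPLE:
        status, detail = classify(acct)
        print(f"{acct['name']:<14} {status:<13} {detail}")
```

For accounts reported as restricted, the detail string lists the allowed IP ranges and subnets so they can be compared against the networks you actually trust.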