Azure Cosmos DB MongoDB user definition
A MongoDB User Definition is a data-plane database user account for the Cosmos DB for MongoDB API. It holds the username, the credential (the password is set on write and is not returned on read), and the role definitions assigned to the user.
Represents a credentialed data-plane identity for a single database account's data store.
Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write
Creating or updating a MongoDB user definition lets an attacker provision a database user with a chosen password and attach privileged roles, establishing persistent credentialed data-plane access and escalating privilege.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Contributed by P0 Security