services / Azure / Notebook workspace
A managed Jupyter notebook workspace (hosted compute environment) attached to a Cosmos DB account, used to run notebooks against the account's data.
Supporting compute asset; can run arbitrary code/workloads and incur metered spend.
Microsoft.DocumentDB/databaseAccounts/notebookWorkspaces/listConnectionInfo/action
Returns the notebook workspace connection endpoint and authentication token, exporting reusable credential material that lets an attacker connect to and execute code in the notebook compute environment.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog