Skip to content

SDE Data breach #59

@Nanomsky

Description

@Nanomsky

We have a data breach within the SDE through Azure ML.

Project: Predict
VM - linuxvm2ab2 (regular_workstation_4)

To Reproduce

  1. Create a new compute instance from within SDE Azure portal
  2. Start the instance and click on JupyterLab (Under the Applications column) to start Jupyter Lab
  3. With the file Browser open, click the upload button to manually select and upload data
Image

The uploaded data is visible and can be seen within the JupyterLab file browser

Image

  1. Open ml.azure.com from outside the SDE and log in to the same resource group, subscription and workspace.
  2. Locate the same compute instance created in the previous step and open JupyterLab
  3. The uploaded file is clearly visible

Image

7. Righ-click on the file and select the download button to download the file to your local drive

Image

Expected behavior

This should not happen. I should not be able to download the file from ml.azure.com outside the SDE.

Sub-issues

Metadata

Metadata

Labels

Issue: TRE/SDEIssue with the TRE environmentPriority: HighHigh Priority Issue - User is not able to do any work, and others may also be impacted

Type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions