DB Security Group With Public Scope
- Query id: 1e0ef61b-ad85-4518-a3d3-85eaad164885
- Query name: DB Security Group With Public Scope
- Platform: Terraform
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description
The CIDR in a DB Security Group ingress rule should not be '0.0.0.0/0' (IPv4) or '::/0' (IPv6). If it is, any IP address can access the database.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_db_security_group" "positive1" {
  name = "rds_sg"
  ingress {
    cidr = "0.0.0.0/0"
  }
}
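The same check applied to Terraform plan output, as an added example (not the query's own code and not part of the original page). It assumes JSON in the shape produced by `terraform show -json`; apart from `positive1`, the resource names and the sample plan are constructed. It goes slightly beyond the two literal strings by flagging any CIDR with a zero-length prefix.

```python
import ipaddress

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_db_security_group.positive1",
         "type": "aws_db_security_group",
         "values": {"name": "rds_sg", "ingress": [{"cidr": "0.0.0.0/0"}]}},
        {"address": "aws_db_security_group.internal",  # hypothetical resource
         "type": "aws_db_security_group",
         "values": {"name": "rds_int", "ingress": [{"cidr": "10.0.0.0/16"}]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.db.aws_db_security_group.v6",  # hypothetical
         "type": "aws_db_security_group",
         "values": {"name": "rds_v6", "ingress": [{"cidr": "::/0"}]}},
    ]}],
}}}


def is_public_scope(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    try:
        net = ipaddress.ip_network(cidr.strip(), strict=False)
    except ValueError:
        return False  # not a parseable CIDR; leave it to other checks
    return net.prefixlen == 0


def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_public_db_security_groups(plan):
    """Return (address, ingress index, cidr) for each world-open ingress rule."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_db_security_group":
            continue
        for idx, rule in enumerate(res.get("values", {}).get("ingress") or []):
            cidr = rule.get("cidr")
            # Values unknown at plan time are absent or non-string; skip them.
            if isinstance(cidr, str) and is_public_scope(cidr):
                findings.append((res["address"], idx, cidr))
    return findings
```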