Redis Publicly Accessible

  • Query id: 0632d0db-9190-450a-8bb3-c283bffea445
  • Query name: Redis Publicly Accessible
  • Platform: Ansible
  • Severity: Critical
  • Category: Networking and Firewall
  • CWE: 285
  • URL: GitHub

Description

Firewall rule allowing unrestricted access to Redis from other Azure sources

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create a Firewall rule for Azure Cache for Redis
  azure_rm_rediscachefirewallrule:
    resource_group: myResourceGroup
    cache_name: myRedisCache
    name: myRule
    start_ip_address: 1.2.3.4
    end_ip_address: 2.3.4.5

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create a Firewall rule for Azure Cache for Redis
  azure_rm_rediscachefirewallrule:
    resource_group: myResourceGroup
    cache_name: myRedisCache
    name: myRule
    start_ip_address: 192.168.1.1
    end_ip_address: 192.168.1.4
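
The following check is an added example, not the query's own code: it flags `azure_rm_rediscachefirewallrule` tasks whose start/end range is not wholly inside one RFC 1918 private network. That criterion is an assumption inferred from the two samples above, as are the function names, the fully qualified module name, and the representation of tasks as already-parsed YAML dictionaries.

```python
import ipaddress

# RFC 1918 private networks; treating anything outside them as public is an
# assumption of this example, inferred from the page's two samples.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Short module name from the page plus its fully qualified collection name.
MODULES = ("azure_rm_rediscachefirewallrule",
           "azure.azcollection.azure_rm_rediscachefirewallrule")

def range_is_private(start, end):
    """True only if start..end lies wholly inside one RFC 1918 network."""
    try:
        lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ValueError:
        return False  # templated or malformed values cannot be proven private
    return lo <= hi and any(lo in net and hi in net for net in RFC1918)

def find_public_redis_rules(tasks):
    """Return names of firewall-rule tasks whose range is not provably private."""
    findings = []
    for task in tasks:
        # Recurse into block/rescue/always so nested tasks are not missed.
        for key in ("block", "rescue", "always"):
            findings += find_public_redis_rules(task.get(key) or [])
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict) or args.get("state", "present") == "absent":
                continue
            if not range_is_private(args.get("start_ip_address"), args.get("end_ip_address")):
                findings.append(task.get("name", module))
    return findings

# Constructed sample: the page's two tasks as parsed YAML, plus two edge cases.
def rule(name, start, end):
    return {"name": name, "azure_rm_rediscachefirewallrule": {
        "resource_group": "myResourceGroup", "cache_name": "myRedisCache",
        "name": "myRule", "start_ip_address": start, "end_ip_address": end}}

SAMPLE_TASKS = [
    rule("positive sample", "1.2.3.4", "2.3.4.5"),
    rule("negative sample", "192.168.1.1", "192.168.1.4"),
    # Both endpoints are private, but the range between them spans public space.
    {"block": [rule("spans public space", "10.0.0.1", "192.168.1.4")]},
    rule("templated", "{{ redis_start_ip }}", "{{ redis_end_ip }}"),
]
```

Calling `find_public_redis_rules(SAMPLE_TASKS)` reports the positive sample, the range that crosses public address space, and the templated rule, whose values must be resolved before they can be trusted.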