Redis Entirely Accessible

  • Query id: 0d0c12b9-edce-4510-9065-13f6a758750c
  • Query name: Redis Entirely Accessible
  • Platform: Ansible
  • Severity: Critical
  • Category: Networking and Firewall
  • CWE: 829
  • URL: GitHub

Description

A firewall rule allows unrestricted access to Redis from the Internet.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create a Firewall rule for Azure Cache for Redis
  azure_rm_rediscachefirewallrule:
      resource_group: myResourceGroup
      cache_name: myRedisCache
      name: myRule
      start_ip_address: 0.0.0.0
      end_ip_address: 0.0.0.0

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create a Firewall rule for Azure Cache for Redis
  azure_rm_rediscachefirewallrule:
    resource_group: myResourceGroup
    cache_name: myRedisCache
    name: myRule
    start_ip_address: 192.168.1.1
    end_ip_address: 192.168.1.4
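
Added example (not the scanner's own query, and not part of the original page): a pre-merge check that flags the pattern in the positive sample. It goes beyond the samples by also treating 0.0.0.0-255.255.255.255 as unrestricted and by descending into block/rescue/always sections. It assumes the playbook has already been loaded into Python task dicts; iter_tasks, findings, rule and SAMPLE_TASKS are hypothetical names.

```python
import ipaddress

# Short module name from the page plus its collection-qualified form.
MODULES = ("azure_rm_rediscachefirewallrule",
           "azure.azcollection.azure_rm_rediscachefirewallrule")
ANY = ipaddress.IPv4Address("0.0.0.0")
LAST = ipaddress.IPv4Address("255.255.255.255")

def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))
        yield task

def findings(tasks):
    """Return (task name, reason) for Redis firewall rules open to every address."""
    out = []
    for task in iter_tasks(tasks):
        args = next((task[m] for m in MODULES if isinstance(task.get(m), dict)), None)
        if args is None or args.get("state", "present") == "absent":
            continue  # not a Redis firewall rule, or the rule is being removed
        name = task.get("name", "<unnamed>")
        try:
            start = ipaddress.IPv4Address(str(args.get("start_ip_address")))
            end = ipaddress.IPv4Address(str(args.get("end_ip_address")))
        except ipaddress.AddressValueError:
            out.append((name, "address missing or templated, review manually"))
            continue
        if start == ANY and end in (ANY, LAST):
            out.append((name, f"range {start}-{end} is unrestricted"))
    return out

# Constructed input: the page's two samples as parsed task dicts, plus a nested block.
def rule(name, start, end):
    return {"name": name, "azure_rm_rediscachefirewallrule": {
        "resource_group": "myResourceGroup", "cache_name": "myRedisCache",
        "name": "myRule", "start_ip_address": start, "end_ip_address": end}}

SAMPLE_TASKS = [
    rule("positive sample", "0.0.0.0", "0.0.0.0"),
    rule("negative sample", "192.168.1.1", "192.168.1.4"),
    {"name": "wrapper", "block": [rule("nested full range", "0.0.0.0", "255.255.255.255")]},
    rule("templated", "{{ redis_start_ip }}", "{{ redis_end_ip }}"),
]

if __name__ == "__main__":
    for name, reason in findings(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```

Templated addresses cannot be evaluated statically, so the check reports them for manual review instead of passing them silently.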