Azure Data Lake Analytics Firewall Rule allows public access Affecting Data Lake service in Azure


Severity

0.0
medium
0
10
Severity Framework
Snyk CCSS
Rule category
Network/ Firewall

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-ControlsNIST-800-53PCI-DSSSOC-2
  • Snyk IDSNYK-CC-00527
  • creditSnyk Research Team

Description

Set start_ip_address to specific IP range only, e.g. 192.168.1.0/24.

How to fix?

Set startIpAddress to specific IP range only, e.g. 192.168.1.0/24.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {},
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.DataLakeAnalytics/accounts",
            "apiVersion": "2019-11-01-preview",
            "name": "example527allowed",
            "location": "centralus",
            "properties": {
                "dataLakeStoreAccounts": [
                    {
                        "name": "dlsaex527"
                    }
                ],
                "defaultDataLakeStoreAccount": "ddlsa527",
                "firewallRules": [
                    {
                        "name": "allowed-ip-range",
                        "properties": {
                            "endIpAddress": "2.3.4.5",
                            "startIpAddress": "1.2.3.4"
                        }
                    }
                ]
            }
        }
    ]
}