Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Network/ Public Access
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsISO-27001SOC-2
- Snyk IDSNYK-CC-00544
- creditSnyk Research Team
Description
The database service port can potentially be accessed by anyone on the internet. This exposes the service to authentication brute force attacks.
How to fix?
Set properties.publicNetworkAccess attribute to Disabled.
Set public_network_access_enabled attribute to false.
Example Configuration
resource "azurerm_mariadb_server" "allowed1" {
name = "mariadb-server-544"
location = azurerm_resource_group.example544.location
resource_group_name = azurerm_resource_group.example544.name
administrator_login = "mariadbadmin"
administrator_login_password = "Terr@f0rmo103"
sku_name = "GP_Gen5_2"
storage_mb = 5120
version = "10.3"
auto_grow_enabled = true
backup_retention_days = 7
geo_redundant_backup_enabled = false
public_network_access_enabled = false
ssl_enforcement_enabled = false
}