Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Network/ Ports
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-ControlsCSA-CCMISO-27001NIST-800-53PCI-DSSSOC-2
- Snyk IDSNYK-CC-00560
- creditSnyk Research Team
Description
Open egress can be used to exfiltrate data to unauthorized destinations and enable access to potentially malicious resources.
How to fix?
Set properties.securityRules.properties.destinationAddressPrefix attribute to specific ranges e.g. 192.168.1.0/24.
Set destination_address_prefix attribute to a specific range, e.g. 192.168.1.0/24.
Example Configuration
resource "azurerm_network_security_rule" "allowed" {
name = "allowed"
priority = 125
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
resource_group_name = azurerm_resource_group.examplev.name
network_security_group_name = azurerm_network_security_group.example.name
direction = "Outbound"
access = "Allow"
destination_address_prefix = "192.168.1.0/24"
}