Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The database instance is configured to accept connections from any IP address (0.0.0.0/0), which exposes it to the public internet. Any host can reach the database, with no network-level restriction on who may attempt a connection.
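One way to check an allow-list for the condition described above, as an added example that is not part of the original rule or any scanner's own code. It goes slightly beyond the literal 0.0.0.0/0 case by also flagging ::/0 and split ranges that together cover every address; the input shape (a plain list of CIDR strings) and the function name are assumptions.

```python
import ipaddress

def open_to_internet(allowed_cidrs):
    """Return findings for a database allow-list that admits every address.

    allowed_cidrs: list of CIDR strings taken from an instance's network
    allow-list (hypothetical input shape, not tied to any provider).
    """
    by_version = {4: [], 6: []}
    findings = []
    for raw in allowed_cidrs:
        try:
            # strict=False tolerates entries written with host bits set
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append(("unparseable", raw))
            continue
        by_version[net.version].append(net)
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0: every source address is allowed
            findings.append(("any-address", str(net)))

    # Split ranges such as 0.0.0.0/1 + 128.0.0.0/1 have the same effect as
    # 0.0.0.0/0 but do not match a literal string comparison.
    for group in by_version.values():
        if any(n.prefixlen == 0 for n in group):
            continue  # already reported above
        merged = ipaddress.collapse_addresses(group)
        if any(n.prefixlen == 0 for n in merged):
            joined = ", ".join(str(n) for n in sorted(group))
            findings.append(("any-address-split", joined))
    return findings

# Constructed sample allow-lists (not taken from any real deployment)
SAMPLES = {
    "restricted": ["203.0.113.0/24", "10.0.0.0/8"],
    "wide-open": ["10.0.0.0/8", "0.0.0.0/0"],
    "split": ["0.0.0.0/1", "128.0.0.0/1"],
}

if __name__ == "__main__":
    for name, cidrs in SAMPLES.items():
        print(name, open_to_internet(cidrs))
```
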
Impact
If exploited, attackers could connect to the database from anywhere, potentially leading to unauthorized access, data theft, or database compromise. This exposure increases the risk of data breaches and can threaten the integrity and confidentiality of sensitive information.