A security group rule allows egress traffic to multiple public addresses
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | networking |
| Provider | OpenStack |
| Vulnerability Type | misconfiguration |
Description#
The security group rule permits outbound (egress) traffic to multiple public IP addresses or broad IP ranges, exposing internal resources to the public internet. This configuration lacks proper restriction on external access.
Impact#
If exploited, sensitive data or services could be exfiltrated or accessed by unauthorized parties on the public internet, increasing the risk of data breaches, malware transmission, and other security incidents affecting the organization.
Resolution#
Employ more restrictive security group rules