SYM_CONF_0125 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The RDS database instance is configured with 'publicly_accessible = true', making it accessible from the internet. This exposes the database to anyone with network access, increasing the risk of unauthorized connections.
Impact
If exploited, attackers could attempt to connect directly to the database from outside your network, potentially leading to data breaches, unauthorized data manipulation, or service disruption. Public exposure also increases the attack surface for automated scanning and exploitation.