SYM_CONF_0248 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Medium |
Description
This code configures a network ACL rule in AWS to allow incoming traffic from any public IP address. Allowing unrestricted public ingress exposes your resources to the entire internet, increasing the risk of unauthorized access.
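A check for the condition described above, as an added example that is not part of the original rule: it scans network ACL entries in the shape returned by `aws ec2 describe-network-acls` and reports ingress `allow` rules whose source is the whole IPv4 or IPv6 address space. The sample entries and the function names `is_any_source` and `public_ingress_findings` are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the "Entries" list returned by
# `aws ec2 describe-network-acls` (values are illustrative, not from the page).
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 110, "Egress": False, "RuleAction": "allow", "Protocol": "6",
     "CidrBlock": "10.20.0.0/16", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 120, "Egress": False, "RuleAction": "allow", "Protocol": "-1",
     "Ipv6CidrBlock": "::/0"},
    {"RuleNumber": 130, "Egress": True, "RuleAction": "allow", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "Protocol": "-1",
     "CidrBlock": "0.0.0.0/0"},
]


def is_any_source(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed CIDR: leave it to other validation


def public_ingress_findings(entries):
    """Return ingress 'allow' entries whose source is any address."""
    findings = []
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        # Skip egress rules and deny rules; only inbound allows expose resources.
        if e.get("Egress") or e.get("RuleAction") != "allow":
            continue
        cidr = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
        if not cidr or not is_any_source(cidr):
            continue
        ports = e.get("PortRange")  # absent when the rule covers all ports
        findings.append({
            "rule": e["RuleNumber"],
            "source": cidr,
            "protocol": "all" if e["Protocol"] == "-1" else e["Protocol"],
            "ports": f'{ports["From"]}-{ports["To"]}' if ports else "all",
        })
    return findings


if __name__ == "__main__":
    for finding in public_ingress_findings(SAMPLE_ENTRIES):
        print(finding)
```

Replacing a flagged entry's source with the specific CIDR ranges that need access, as in rule 110 of the sample, clears the finding.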
Impact
If exploited, attackers could access or probe your AWS resources from anywhere on the internet, potentially leading to data breaches, service disruptions, or unauthorized use of your cloud infrastructure. This exposure makes your environment a target for automated attacks and malicious actors.