SYM_CONF_0252 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Omission of Security-relevant Information
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-223: Omission of Security-relevant Information |
| OWASP | A09:2021 - Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This code defines AWS security group rules without meaningful descriptions, or with the description left empty or set to a default value. Missing or generic descriptions make it difficult to understand the purpose of each rule.
Impact
Without clear descriptions, it becomes challenging to audit, troubleshoot, or manage security groups, increasing the risk of misconfigurations going unnoticed. This can lead to accidental exposure of resources or delayed response to security incidents.
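
One way to audit for this condition, as an added example that is not part of the wiki entry or the project's own rule: a Python check that walks security group data in the shape returned by `aws ec2 describe-security-groups` and reports every ingress or egress rule whose description is missing, empty or generic. The `GENERIC` placeholder list, the `min_len` threshold, the function names and the sample data are assumptions made for illustration.

```python
# Added example: flags security group rules whose Description is missing or generic.
# GENERIC and min_len are assumptions; tune them to your own naming policy.
GENERIC = {"", "default", "managed by terraform", "allow", "rule", "n/a", "none", "todo"}
# Per-source lists inside each permission, and the field that identifies the source.
SOURCE_KEYS = {"IpRanges": "CidrIp", "Ipv6Ranges": "CidrIpv6",
               "UserIdGroupPairs": "GroupId", "PrefixListIds": "PrefixListId"}

def is_meaningful(desc, min_len=8):
    """True when the description is non-empty, not a placeholder, and long enough."""
    text = (desc or "").strip()
    return text.lower() not in GENERIC and len(text) >= min_len

def find_undocumented_rules(doc):
    """Return (group_id, direction, proto/ports, source, description) per weak rule."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                proto = perm.get("IpProtocol")
                # Protocol "-1" means all traffic and carries no port range.
                ports = "all" if proto == "-1" else f'{proto}/{perm.get("FromPort")}-{perm.get("ToPort")}'
                for list_key, id_key in SOURCE_KEYS.items():
                    for src in perm.get(list_key, []):
                        if not is_meaningful(src.get("Description")):
                            findings.append((sg.get("GroupId"), direction, ports,
                                             src.get(id_key), src.get("Description") or ""))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0example0000000001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24",
                       "Description": "HTTPS from office VPN egress range"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0example0000000002",
                               "Description": "Managed by Terraform"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": ""}]},
    ],
}]}

if __name__ == "__main__":
    for group_id, direction, ports, source, desc in find_undocumented_rules(SAMPLE):
        print(f"{group_id} {direction} {ports} {source}: description={desc!r}")
```

Descriptions are stored per source entry (CIDR range, referenced group or prefix list), so a single permission can mix documented and undocumented sources; the check reports each source separately.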