TF 0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Missing security group for instance.
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| Service | computing |
| Provider | Nifcloud |
| Vulnerability Type | omission |
Description
Instances are being created without an associated security group, leaving them without defined network traffic controls. This configuration allows unrestricted access to and from the instance, violating basic security best practices.
Impact
Without a security group, instances are exposed to all inbound and outbound traffic, significantly increasing the risk of unauthorized access, data breaches, malware infection, or exploitation by attackers, potentially compromising the integrity and availability of services and data.
Resolution
Add security group for all instances