TF 0234 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

A security group rule allows ingress traffic from multiple public addresses

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | medium |
| Service | networking |
| Provider | OpenStack |
| Vulnerability Type | misconfiguration |

Description

The security group rule permits ingress traffic from multiple public IP addresses or broad ranges, exposing services to the open internet instead of restricting access to specific, trusted sources. This configuration increases the attack surface by allowing connections from any public location.

Impact

Attackers can attempt unauthorized access, exploit vulnerabilities, or launch attacks (such as brute force or scanning) against exposed resources. This can lead to data breaches, service disruption, or compromise of infrastructure, putting the application's security and availability at risk.

Resolution

Employ more restrictive security group rules.
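
The following is an added example, not taken from the database entry, that sets an open OpenStack ingress rule beside two restricted forms. The resource names, port 22, the `admin_cidr` variable, and the 203.0.113.0/28 documentation range are assumptions made for illustration.

```terraform
# Constructed example: names, port and CIDR values are illustrative only.
resource "openstack_networking_secgroup_v2" "app" {
  name        = "app-ssh"
  description = "SSH access to application hosts"
}
resource "openstack_networking_secgroup_v2" "bastion" {
  name        = "bastion"
  description = "Jump hosts allowed to reach application hosts"
}
# Before: 0.0.0.0/0 accepts SSH from every public address.
# Shown for contrast only; remove this rule when applying the fix.
resource "openstack_networking_secgroup_rule_v2" "ssh_open" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = "0.0.0.0/0"
  security_group_id = openstack_networking_secgroup_v2.app.id
}
# After, option 1: a single trusted range, with a guard against broad prefixes.
variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/28" # documentation range, stands in for a trusted network
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && tonumber(split("/", var.admin_cidr)[1]) >= 24
    error_message = "The admin_cidr value must be a valid IPv4 CIDR no broader than /24."
  }
}
resource "openstack_networking_secgroup_rule_v2" "ssh_trusted_range" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_ip_prefix  = var.admin_cidr
  security_group_id = openstack_networking_secgroup_v2.app.id
}
# After, option 2: no IP prefix at all; only members of the bastion group may connect.
resource "openstack_networking_secgroup_rule_v2" "ssh_from_bastion" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = 22
  port_range_max    = 22
  remote_group_id   = openstack_networking_secgroup_v2.bastion.id
  security_group_id = openstack_networking_secgroup_v2.app.id
}
```

The `validation` block rejects an overly broad value at plan time, so a later change to `admin_cidr` cannot silently reopen the rule.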