TF 0453 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

An egress security group rule allows traffic to /0.

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | critical |
| Service | ec2 |
| Provider | AWS |
| Vulnerability Type | misconfiguration |

Description

The security group egress rule permits outbound traffic to 0.0.0.0/0 (or its IPv6 equivalent, ::/0), allowing any instance in the group to open connections to any IP address on the internet. Such a rule is usually paired with protocol "-1" (all protocols) and the full port range, so it places no restriction on destination, port, or protocol. The default security group that AWS creates has exactly this allow-all egress rule, which is why the pattern is common; note that when a security group is managed with Terraform's `aws_security_group` resource, Terraform removes that default rule, so an explicit `egress` block with `cidr_blocks = ["0.0.0.0/0"]` is a deliberate choice rather than an inherited one.

Impact

Unrestricted egress means that a compromised instance can exfiltrate data to any host, beacon to a command-and-control server, or pull down additional tooling, with nothing at the network layer to stop it. The security group then provides no containment once an instance is breached, network traffic cannot be accounted for by destination, and frameworks that require documented, least-privilege network paths (PCI DSS, CIS AWS benchmarks, for example) are harder to satisfy.

Resolution

Replace the 0.0.0.0/0 (and ::/0) destination with the narrowest set of destinations the workload actually needs, and scope each rule to a specific protocol and port range:

- another security group (`referenced_security_group_id` / `source_security_group_id`) for traffic to tiers inside the same VPC, such as a database;
- the VPC CIDR or a specific subnet for internal services;
- an AWS-managed prefix list for services reached through a VPC endpoint (S3, DynamoDB), instead of the public address ranges of those services.

Security groups are stateful, so restricting egress does not break responses to connections that were accepted by an ingress rule; only connections initiated from the instance are affected. If internet access is genuinely required (package updates, third-party APIs), route it through a NAT gateway or proxy whose security group or egress filtering can be constrained and logged, rather than opening the instance's own group to /0.
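The following Terraform configuration shows the flagged pattern next to a hardened replacement that uses a security group reference, the VPC CIDR, and an AWS-managed prefix list as destinations. It is an added example written for this entry, not code from the Symbiotic-Vulnerability-Database; the VPC ID, region, security group names, and the choice of PostgreSQL and S3 as the permitted destinations are assumptions made for illustration.

```hcl
# Added example for TF 0453; not code from the Symbiotic-Vulnerability-Database.
# var.vpc_id, var.region and the destination services are assumptions.

variable "vpc_id" { type = string }
variable "region" { type = string } # e.g. "us-east-1"

data "aws_vpc" "this" {
  id = var.vpc_id
}

# --- Flagged pattern: any protocol, any port, any destination (IPv4 and IPv6) ---
resource "aws_security_group" "open_egress" {
  name        = "app-open-egress"
  description = "Flagged by TF 0453: egress to /0"
  vpc_id      = var.vpc_id

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

# --- Hardened replacement ---
# No inline egress block: Terraform strips AWS's default allow-all egress rule
# from a managed aws_security_group, so nothing leaves until the rules below exist.
resource "aws_security_group" "app" {
  name        = "app-restricted-egress"
  description = "Egress limited to the database tier, the VPC, and the S3 gateway endpoint"
  vpc_id      = var.vpc_id
}

# Database tier that the app is allowed to reach (assumed to exist for this example).
resource "aws_security_group" "db" {
  name        = "db"
  description = "Database tier"
  vpc_id      = var.vpc_id
}

# 1. Database traffic: the destination is another security group, not a CIDR.
resource "aws_vpc_security_group_egress_rule" "app_to_db" {
  security_group_id            = aws_security_group.app.id
  description                  = "PostgreSQL to the database tier"
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
  referenced_security_group_id = aws_security_group.db.id
}

# 2. HTTPS to hosts inside this VPC only (the VPC CIDR, e.g. 10.0.0.0/16, never /0).
resource "aws_vpc_security_group_egress_rule" "app_to_vpc_https" {
  security_group_id = aws_security_group.app.id
  description       = "HTTPS to internal services"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = data.aws_vpc.this.cidr_block
}

# 3. S3 through a gateway endpoint: the AWS-managed prefix list replaces the
#    public S3 address ranges, so the rule stays narrow even though S3 is "the internet".
data "aws_prefix_list" "s3" {
  name = "com.amazonaws.${var.region}.s3"
}

resource "aws_vpc_security_group_egress_rule" "app_to_s3" {
  security_group_id = aws_security_group.app.id
  description       = "HTTPS to S3 via the gateway endpoint prefix list"
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  prefix_list_id    = data.aws_prefix_list.s3.id
}
```

The standalone `aws_vpc_security_group_egress_rule` resources are used instead of inline `egress` blocks so that each rule is a separately tracked object with its own description; that makes a later `terraform plan` diff show exactly which destination changed, and avoids the whole-group rewrite that editing an inline block causes. Prefix-list resolution requires the matching gateway endpoint to exist in the VPC; without it the rule is narrow but the traffic has no route.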