TF 0473 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Missing description for security group rule.

Property Value
Language terraform
Severity low
Service computing
Provider Nifcloud

Description

Security group rules are defined without a description, making it unclear why the rule exists or what its purpose is. This lack of context complicates auditing, troubleshooting, and future management of firewall rules.

Impact

Missing descriptions can lead to misconfigured or unnecessary rules remaining in place, increasing the risk of unauthorized access or accidental exposure. It also makes it harder for teams to quickly identify, review, or update rules, potentially delaying incident response and weakening security posture.

Resolution

Add a description to every security group rule.
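An added example, not taken from the Symbiotic database or the Nifcloud provider documentation: an undocumented rule next to a variable-driven definition that goes one step beyond the resolution by rejecting rules with an empty description at plan time. The group name, availability zone, ports and CIDR ranges are constructed values.

```terraform
# Added example: all names, the zone, ports and CIDRs are constructed values.
resource "nifcloud_security_group" "web" {
  group_name        = "websg"
  description       = "Web tier"
  availability_zone = "east-11"
}

# Non-compliant: no description, so a reviewer cannot tell why 8080 is open.
resource "nifcloud_security_group_rule" "undocumented" {
  security_group_names = [nifcloud_security_group.web.group_name]
  type                 = "IN"
  from_port            = 8080
  to_port              = 8080
  protocol             = "TCP"
  cidr_ip              = "198.51.100.0/24"
}

# Compliant: description is a required attribute of every rule object,
# and the validation block rejects blank strings at plan time.
variable "web_ingress" {
  type = map(object({
    description = string
    port        = number
    cidr_ip     = string
  }))
  default = {
    https = { description = "HTTPS from load balancer subnet", port = 443, cidr_ip = "192.0.2.0/24" }
  }
  validation {
    condition     = alltrue([for r in values(var.web_ingress) : trimspace(r.description) != ""])
    error_message = "Every security group rule needs a non-empty description."
  }
}

resource "nifcloud_security_group_rule" "web_ingress" {
  for_each             = var.web_ingress
  security_group_names = [nifcloud_security_group.web.group_name]
  type                 = "IN"
  description          = each.value.description
  from_port            = each.value.port
  to_port              = each.value.port
  protocol             = "TCP"
  cidr_ip              = each.value.cidr_ip
}
```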