Azure Postgresql Firewall Allows Public Access
Description
Detects Azure PostgreSQL servers with firewall rules that allow broad public network access through invalid or overly permissive IP ranges. This misconfiguration could expose the database server to unauthorized access from the internet, potentially leading to data breaches or unauthorized database manipulation.
Detection Strategy
• Confirms that public network access is explicitly enabled on the PostgreSQL server
• Examines the start and end IP addresses in the firewall rules
• Reports a vulnerability when both start and end IP addresses are present but contain invalid IP ranges
• Identifies cases where firewall rules may unintentionally allow broad network access due to misconfigured IP ranges
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.