Terraform Nsg Postgresql Port Exposed
Description
Detects Azure Network Security Group (NSG) rules that allow public access to the PostgreSQL port (5432). Such a rule could expose PostgreSQL database instances to connection attempts from anywhere on the internet, potentially leading to unauthorized database access or data breaches.
Detection Strategy
• Identifies Terraform resources of type 'azurerm_network_security_rule' or 'azurerm_network_security_group'
• Examines each network security rule for a configuration that allows inbound traffic to the PostgreSQL port (5432)
• Checks whether the rule's source address is set to an overly permissive range such as '0.0.0.0/0' or '*', which admits traffic from the public internet
• Reports a vulnerability if the PostgreSQL port is exposed to public access, whether through a standalone security rule resource or through a rule defined inline in the security group
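The strategy above as a small Python checker, added here as an example and not part of Fluid Attacks' own tooling: it walks standalone azurerm_network_security_rule resources and the security_rule blocks nested in azurerm_network_security_group, applies the four checks, and also treats a port range such as "5000-6000" as covering 5432. The HCL sample, the helper names and the set of "public" source spellings are assumptions; the brace-counting block extraction is a deliberate simplification, not a real HCL parser.

```python
import re
def _body(text, open_idx):  # text between the '{' at open_idx and its matching '}'
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def _attr(body, name):  # value of the string attribute `name = "..."` in a block, or ""
    m = re.search(rf'^\s*{name}\s*=\s*"([^"]*)"', body, re.M)
    return m.group(1) if m else ""

def _covers(spec, port):  # does a destination_port_range "*", "5432" or "5000-6000" include port?
    lo, _, hi = spec.strip().partition("-")
    return lo == "*" or (lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo))

def rule_exposes_postgres(body, port=5432):  # inbound + allow + covers the port + public source
    return (_attr(body, "direction").lower() == "inbound" and _attr(body, "access").lower() == "allow"
            and _covers(_attr(body, "destination_port_range"), port)
            and _attr(body, "source_address_prefix").lower() in {"*", "0.0.0.0/0", "internet", "any"})

def find_exposed_postgres_rules(tf_source):  # "resource/rule" labels of rules exposing 5432 publicly
    hits, header = [], r'resource\s+"azurerm_network_security_(rule|group)"\s+"([^"]+)"\s*\{'
    for m in re.finditer(header, tf_source):
        body = _body(tf_source, m.end() - 1)
        # a standalone rule is its own body; an NSG contributes each nested security_rule {} block
        rules = [body] if m.group(1) == "rule" else [
            _body(body, r.end() - 1) for r in re.finditer(r'security_rule\s*\{', body)]
        hits += [f"{m.group(2)}/{_attr(rb, 'name')}" for rb in rules if rule_exposes_postgres(rb)]
    return hits

# Constructed sample: the inline NSG rule opens 5432 to "*" (reported); the standalone rule admits only the app subnet (not reported).
SAMPLE_TF = '''
resource "azurerm_network_security_group" "db" {
  security_rule {
    name                   = "pg-public"
    direction              = "Inbound"
    access                 = "Allow"
    destination_port_range = "5432"
    source_address_prefix  = "*"
  }
}
resource "azurerm_network_security_rule" "pg_app" {
  name                   = "pg-from-app-subnet"
  direction              = "Inbound"
  access                 = "Allow"
  destination_port_range = "5432"
  source_address_prefix  = "10.0.1.0/24"
}
'''
```

Calling find_exposed_postgres_rules(SAMPLE_TF) returns ['db/pg-public']. The list-valued forms destination_port_ranges and source_address_prefixes are not parsed by this checker, so a production rule must handle them as well.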
Vulnerable code example
provider "azurerm" {
  features {}
}

resource "azurerm_network_security_group" "example" {
  name                = "vulnerable-nsg"
  location            = "East US"
  resource_group_name = "example-group"
  ...

✅ Secure code example
provider "azurerm" {
  features {}
}

resource "azurerm_network_security_group" "example" {
  name                = "secure-nsg"
  location            = "East US"
  resource_group_name = "example-group"
  ...