OpenStack Security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)
Description
In OpenStack, firewall rules are used to allow or deny traffic to or from a specific network or subnet. When you create a firewall rule, you can specify the destination IP address or range that the rule applies to. This allows you to control which traffic is allowed or denied based on the destination IP of the traffic.
Code Example
```diff
resource "openstack_compute_secgroup_v2" "secgroup_1" {
  name        = "my_secgroup"
  description = "my security group"
  rule {
    from_port   = 3389
    to_port     = 3389
    ip_protocol = "tcp"
-   cidr        = "0.0.0.0/0"
  }
}
```
Remediation
Terraform
- Resource: openstack_compute_secgroup_v2
- Arguments: rule.to_port + rule.from_port
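A plan-time check for this condition, as an added example (not Checkov's implementation of CKV_OPENSTACK_3 and not code from this page): it walks `resource_changes` in a Terraform plan JSON and flags `openstack_compute_secgroup_v2` rules that open port 3389 to every source. It goes beyond the single-port case above by also matching port ranges that contain 3389 and the IPv6 catch-all `::/0`; the sample plan, helper and function names are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389
RESOURCE_TYPE = "openstack_compute_secgroup_v2"

def _sg(name, *rules):
    """Build one constructed resource_changes entry (helper for the sample only)."""
    keys = ("from_port", "to_port", "ip_protocol", "cidr")
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "change": {"after": {"name": name, "rule": [dict(zip(keys, r)) for r in rules]}}}

# Constructed sample, shaped like the output of `terraform show -json <planfile>`.
SAMPLE_PLAN = {"resource_changes": [
    _sg("secgroup_1", (3389, 3389, "tcp", "0.0.0.0/0")),        # the case from this page
    _sg("secgroup_2", (3000, 4000, "udp", "0.0.0.0/0")),        # range that contains 3389
    _sg("secgroup_3", (3389, 3389, "tcp", "203.0.113.0/24"),    # restricted source: fine
        (22, 22, "tcp", "0.0.0.0/0")),                          # other port: out of scope here
    {"address": f"{RESOURCE_TYPE}.gone", "type": RESOURCE_TYPE,
     "change": {"after": None}},                                # resource being destroyed
]}

def is_any_source(cidr):
    """True when the CIDR covers every address (prefix length 0, IPv4 or IPv6)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except (TypeError, ValueError):   # missing or malformed cidr (e.g. group-based rule)
        return False

def rule_exposes_rdp(rule):
    """True when a rule allows tcp/udp 3389 from any source address."""
    if str(rule.get("ip_protocol", "")).lower() not in ("tcp", "udp"):
        return False
    try:
        low, high = int(rule["from_port"]), int(rule["to_port"])
    except (KeyError, TypeError, ValueError):
        return False
    return low <= RDP_PORT <= high and is_any_source(rule.get("cidr"))

def find_open_rdp(plan):
    """Return (address, protocol, from_port, to_port, cidr) for each offending rule."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("rule") or []:
            if rule_exposes_rdp(rule):
                findings.append((rc["address"], rule["ip_protocol"],
                                 rule["from_port"], rule["to_port"], rule["cidr"]))
    return findings
```

To use it on a real plan, load the JSON from `terraform show -json` with `json.load` and pass the result to `find_open_rdp`; an empty list means no rule matched.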
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1280 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OPENSTACK_3 |