Network misconfigurations

Azure Database for MySQL flexible servers Firewall allows access from all Azure Services

Description

{AzureMySqlFlexibleServer} MySQL flexible server's firewall allows access from all Azure services (this configuration is disabled by default). This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. To reduce the attack surface of a MySQL flexible server, define firewall rules with more restricted IP addresses, referencing only the range of addresses that should be able to reach that specific MySQL flexible server.
Recommended Mitigation

For each MySQL flexible server, disable 'Allow public access from any Azure service within Azure to this server' configuration.
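
One way to check for this setting across servers, as an added example that is not part of the original rule text. It assumes the portal option is stored as a firewall rule whose start and end address are both 0.0.0.0, and that the input has the shape of `az mysql flexible-server firewall-rule list -o json` output; the server names, rule names and addresses below are constructed.

```python
import ipaddress
import json

# Constructed sample: firewall rules per (hypothetical) server, in the shape
# assumed for `az mysql flexible-server firewall-rule list -o json`.
SAMPLE = json.loads("""
{
  "mysql-prod-01": [
    {"name": "AllowAllAzureServicesAndResourcesWithinAzureIps_2024-1-1_0-0-0",
     "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office-egress",
     "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"}
  ],
  "mysql-dev-02": [
    {"name": "build-agent",
     "startIpAddress": "198.51.100.7", "endIpAddress": "198.51.100.7"}
  ]
}
""")

ANY_AZURE = ipaddress.ip_address("0.0.0.0")

def bounds(rule):
    """Parse a rule's start and end address; raises ValueError on bad input."""
    return (ipaddress.ip_address(rule["startIpAddress"]),
            ipaddress.ip_address(rule["endIpAddress"]))

def is_allow_azure_services(rule):
    """Match on the address range, not the rule name, which can differ."""
    start, end = bounds(rule)
    return start == ANY_AZURE and end == ANY_AZURE

def range_size(rule):
    """Number of addresses an explicit rule admits, to spot over-wide ranges."""
    start, end = bounds(rule)
    return int(end) - int(start) + 1

def audit(servers, resource_group="<resource-group>"):
    """Return one finding, with a suggested delete command, per offending rule."""
    findings = []
    for server, rules in sorted(servers.items()):
        for rule in filter(is_allow_azure_services, rules):
            fix = ("az mysql flexible-server firewall-rule delete "
                   f"--resource-group {resource_group} --name {server} "
                   f"--rule-name {rule['name']}")
            findings.append({"server": server, "rule": rule["name"], "fix": fix})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"{finding['server']}: {finding['rule']}\n  {finding['fix']}")
```
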