Network misconfigurations

Azure PostgreSQL Flexible Server firewall allows access from all Azure services

Risk Level

Hazardous (3)

Description

The firewall of Azure PostgreSQL flexible server {AzurePostgresFlexibleServer} allows access from all Azure services (this setting is disabled by default). This option configures the firewall to allow all connections from Azure, including connections from the subscriptions of other customers. To reduce the server's exposure to attack, firewall rules should be defined with more restrictive IP addresses, referencing the range of addresses available for the specific server.

Recommended Mitigation

It is recommended to remove the firewall rule that allows public access from any Azure service.
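
The check below is an added example, not part of the original rule or of any Azure tooling. It audits firewall rules exported as JSON and flags the rule behind this finding, which Azure stores as a rule whose start and end address are both 0.0.0.0. The sample rules, the resource names, the 256-address threshold and the extra "allow-any-ip" and "broad-range" findings are assumptions that go beyond the single case described above.

```python
import ipaddress
import json

# Constructed sample, in the shape returned by
# `az postgres flexible-server firewall-rule list -g <rg> -n <server> -o json`.
SAMPLE_RULES = json.loads("""[
  {"name": "AllowAllAzureServicesAndResourcesWithinAzureIps_2024-1-1_0-0-0",
   "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
  {"name": "office-egress", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
  {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
  {"name": "partner-range", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.103.255"}
]""")
MAX_RANGE_SIZE = 256  # assumed policy threshold, not an Azure limit
ZERO = ipaddress.IPv4Address("0.0.0.0")
LAST = ipaddress.IPv4Address("255.255.255.255")


def classify_rule(rule, max_size=MAX_RANGE_SIZE):
    """Return a finding label for one firewall rule, or 'ok'."""
    start = ipaddress.IPv4Address(rule["startIpAddress"])
    end = ipaddress.IPv4Address(rule["endIpAddress"])
    if start == ZERO and end == ZERO:
        # Sentinel range Azure uses for "allow access from all Azure services".
        return "allow-all-azure-services"
    if start == ZERO and end == LAST:
        return "allow-any-ip"
    if int(end) - int(start) + 1 > max_size:
        return "broad-range"
    return "ok"


def audit(rules, resource_group, server):
    """List findings; attach a delete command where removal is the fix."""
    findings = []
    for rule in rules:
        verdict = classify_rule(rule)
        if verdict == "ok":
            continue
        fix = None  # broad ranges need narrowing by the owner, not deletion
        if verdict != "broad-range":
            fix = ("az postgres flexible-server firewall-rule delete "
                   f"--resource-group {resource_group} --name {server} "
                   f"--rule-name {rule['name']} --yes")
        findings.append({"rule": rule["name"], "finding": verdict, "fix": fix})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES, "example-rg", "example-pg"):
        print(f"{f['finding']:26} {f['rule']}\n    {f['fix'] or 'review and narrow'}")
```

Confirm that no workload depends on the flagged rule before running a generated delete command, and add specific client addresses first if needed.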