Commit 1bdca3e2 authored by Achilleas Pipinellis

Merge branch 'patch-30' into 'master'

Documentation: Update webhooks.md: clarify the risk / attack scenario concerning web hooks

See merge request gitlab-org/gitlab!18203
parents e84dcf92 44584e0a
...@@ -9,19 +9,24 @@ local network, these may be vulnerable to exploitation via Webhooks. ...@@ -9,19 +9,24 @@ local network, these may be vulnerable to exploitation via Webhooks.
With [Webhooks](../user/project/integrations/webhooks.md), you and your project With [Webhooks](../user/project/integrations/webhooks.md), you and your project
maintainers and owners can set up URLs to be triggered when specific changes maintainers and owners can set up URLs to be triggered when specific changes
occur in your projects. Normally, these requests are sent to external web services occur in your projects. Normally, these requests are sent to external web
specifically set up for this purpose, that process the request and its attached services specifically set up for this purpose, that process the request and its
data in some appropriate way. attached data in some appropriate way.
Things get hairy, however, when a Webhook is set up with a URL that doesn't Things get hairy, however, when a Webhook is set up with a URL that doesn't
point to an external, but to an internal service, that may do something point to an external, but to an internal service, that may do something
completely unintended when the webhook is triggered and the POST request is completely unintended when the webhook is triggered and the POST request is
sent. sent.
Because Webhook requests are made by the GitLab server itself, these have Webhook requests are made by the GitLab server itself and use a single
complete access to everything running on the server (`http://localhost:123`) or (optional) secret token per hook for authorization (instead of a user or
within the server's local network (`http://192.168.1.12:345`), even if these repo-specific token). As a result, these may have broader access than
services are otherwise protected and inaccessible from the outside world. intended to everything running on the server hosting the webhook (which
may include the GitLab server or API itself, e.g., `http://localhost:123`).
Depending on the called webhook, this may also result in network access
to other servers within that webhook server's local network (e.g.,
`http://192.168.1.12:345`), even if these services are otherwise protected
and inaccessible from the outside world.
If a web service does not require authentication, Webhooks can be used to If a web service does not require authentication, Webhooks can be used to
trigger destructive commands by getting the GitLab server to make POST requests trigger destructive commands by getting the GitLab server to make POST requests
......
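Review bot: the rewritten paragraph ("Webhook requests are made by the GitLab server itself and use a single (optional) secret token per hook for authorization ...") attributes the broader reach of the request to the hook's secret token, but the token is not what gives the request its reach: it is something the receiving service can check to confirm a request came from GitLab, it does not grant the GitLab server access to anything. The risk this section is about is that the POST originates from the GitLab host's own network position, which the removed sentence stated directly ("these have complete access to everything running on the server ... or within the server's local network"). Suggest keeping that framing: say plainly that the request is sent from the GitLab server, so any service reachable from that host, on localhost (`http://localhost:123`) or on its local network (`http://192.168.1.12:345`), can be reached even when it is blocked from the outside. Two smaller wording points in the same paragraph: "the server hosting the webhook" reads as the receiving endpoint, whereas the point concerns the GitLab server that sends the request, and "Depending on the called webhook" is vague, since the reach depends on the sending host's network, not on which hook is configured.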