Webhook URL is not allowed

ID

unapproved_webhook

Severity

low

Family

CI/CD Security

Tags

cicd-security, infrastructure, reachable, security

Description

A malicious actor may attempt to gain persistent access to the code by registering a webhook.

This detector inventories the webhooks invoked from SCM and CI/CD systems and checks them against an allow list provided by the customer.

Security

After successfully compromising a user's account, a malicious actor may attempt to gain persistent access to the code by registering a webhook.

Mitigation / Fix

Review the webhooks invoked from your organization projects and remove those that are not allowed in your internal security policy.

Configuration

The detector has a property allowedWebhooks where the user has to configure the webhooks allowed for their organization.

By default, this detector is disabled: with an empty allow list it would report a flaw for every webhook found.
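The check this detector performs can be illustrated with a small standalone script. The following is an added example, not the detector's own code: it assumes a constructed webhook inventory (repository name and webhook URL pairs) and assumes that allowedWebhooks entries are host names, optionally with a leading "*." wildcard for subdomains; the real detector's matching rules are not described on this page. It also shows why the detector is disabled by default: with an empty allow list every inventoried webhook becomes a finding.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

DETECTOR_ID = "unapproved_webhook"


@dataclass(frozen=True)
class Finding:
    detector: str
    repo: str
    url: str
    reason: str


def host_allowed(host: str, allowed_webhooks: list[str]) -> bool:
    """Return True if host matches an allow-list entry.

    Entries are either an exact host ("hooks.slack.com") or a wildcard
    ("*.internal.example.com") that matches subdomains only. The wildcard
    requires a dot boundary, so "evil-internal.example.com" does not match
    "*.internal.example.com". (Assumed semantics, not the detector's.)
    """
    host = host.lower()
    for entry in allowed_webhooks:
        entry = entry.lower()
        if entry.startswith("*."):
            suffix = entry[1:]  # ".internal.example.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False


def check_webhooks(inventory: list[tuple[str, str]],
                   allowed_webhooks: list[str]) -> list[Finding]:
    """Compare each inventoried webhook URL against the allow list.

    A webhook is reported when its scheme is not https (credentials and
    event payloads would travel in clear text) or when its host is not in
    allowedWebhooks. An empty allow list therefore flags everything.
    """
    findings = []
    for repo, url in inventory:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(Finding(DETECTOR_ID, repo, url, "non-https webhook URL"))
            continue
        host = parsed.hostname or ""
        if not host_allowed(host, allowed_webhooks):
            findings.append(Finding(DETECTOR_ID, repo, url,
                                    "webhook host not in allowedWebhooks"))
    return findings


# Constructed sample inventory, as a webhook export from an SCM might look.
INVENTORY = [
    ("org/payments-api", "https://hooks.slack.com/services/T000/B000/XXXX"),
    ("org/payments-api", "https://ci.internal.example.com/github-webhook/"),
    ("org/frontend", "http://ci.internal.example.com/github-webhook/"),
    ("org/frontend", "https://203.0.113.10/collect"),
]

# Constructed allowedWebhooks configuration for the organization.
ALLOWED_WEBHOOKS = ["hooks.slack.com", "*.internal.example.com"]


if __name__ == "__main__":
    for f in check_webhooks(INVENTORY, ALLOWED_WEBHOOKS):
        print(f"[{f.detector}] {f.repo}: {f.url} -> {f.reason}")
    print("with empty allow list:",
          len(check_webhooks(INVENTORY, [])), "findings")
```

Running the script reports the plain-http webhook and the one pointing at an unknown IP address, while the two allow-listed destinations pass; with an empty allow list all four webhooks are reported, which is the behaviour the Configuration section warns about.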