H1-446593 Fixed about vulnerabilities found other in H1-1646084
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://github.com/settings/apps
What part(s) of the article would you like to see updated?
https://github.com/github/codeql/issues/9881
Additional information
After I saw the reports referenced as #446593, I tried to do a penetration test on "GitHub Apps". An attacker can insert malicious code via the "Webhook/Callback" parameter at the directory "/settings/apps/new". The vulnerability that I found is an SSRF vulnerability in the webhooks/callback form: I inserted the SSRF code, which is sent by the github.com server via a request parameter, and the results show that these parameters are vulnerable to malicious-code SSRF attacks. The vulnerability was reported as github/codeql/issues/9881.
Please open and triage my reports as references: https://hackerone.com/reports/1646084
Impact
A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. SSRF is a dangerous web vulnerability: it lets attackers send requests from the server to other resources, both internal and external, and receive the responses. The impact of exploiting a Server-Side Request Forgery vulnerability depends primarily on how the web application uses responses from remote resources.
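The standard mitigation for the class of issue described in this report (a user-supplied webhook/callback URL that the server will later fetch) is to validate the destination before any request is made. The following is an added example, not GitHub's code: it rejects non-HTTPS schemes, embedded credentials, and any host that is, or resolves to, loopback, link-local, private, CGNAT or IPv4-mapped address space. The resolver is injectable so the check can be exercised offline; the function and range list are the author's own assumptions, not part of any GitHub API.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Ranges that an outbound webhook/callback request must never reach.
# Covers cloud metadata (169.254.0.0/16), RFC 1918, CGNAT, loopback and
# IPv4-mapped IPv6 (so "::ffff:127.0.0.1" cannot bypass the IPv4 rules).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]

def is_blocked(ip):
    """True if the address lies in any range we refuse to contact."""
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or ip.is_private
            or any(ip in net for net in BLOCKED_NETWORKS))

def resolve(host):
    # Default resolver (needs network): every A/AAAA answer for host.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def validate_webhook_url(url, resolver=resolve):
    """Return (ok, reason). `resolver` is injectable for offline tests."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:                       # literal IP (including bracketed IPv6)
        addrs = [ipaddress.ip_address(host)]
    except ValueError:         # a name: check every address it maps to
        if host == "localhost" or host.endswith(".localhost"):
            return False, "localhost"
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False, "unresolvable host"
    for ip in addrs:
        if is_blocked(ip):
            return False, f"resolves to blocked address {ip}"
    # Caveat: the HTTP client must connect to exactly these addresses and
    # refuse redirects, or DNS rebinding / 3xx hops can still reach inside.
    return True, "ok"
```

The trailing caveat matters in practice: validating once and then letting a generic HTTP client re-resolve the name or follow redirects reopens the hole.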
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further. See this blog post on bug reports and the importance of repro steps for more information about the kind of information that may be helpful.