Webhooks Should Not Be Allowed To Be Sent To The Local Network
policy name: webhooks_are_allowed_to_be_sent_to_local_network
severity: LOW
Description
Webhooks sent by GitLab servers are authenticated, and can cause potential damage if sent uncontrollably. For example, a malicious user can plant a webhook address that triggers an API call in GitLab itself which can delete resources. Therefore, as a security best practice, webhooks should be limited to external URLs only. You can read more here
Remediation
- Press Settings -> Network
- Expand “Outbound requests” section
- Un toggle “Allow requests to the local network from web hooks and services”
- Press “Save Changes”