Abuse of Repository Webhooks to Access Hundreds of Internal CI Systems

Posted in Presentations

Many organizations opt for a CI/CD architecture that combines SaaS-based source control management systems with a self-managed CI solution that is not exposed to the public Internet. In this talk, the presenters will discuss a novel attack vector that allows anyone on the Internet to abuse repository webhooks to do much more than trigger pipelines, and show how they accessed hundreds of internal CI systems at scale.

Omer Gil


Senior Research Manager, Prisma Cloud, Palo Alto Networks

Asaf Greenholts


Senior Security Researcher, Prisma Cloud, Palo Alto Networks
