Security: webhook subscription endpoint allows SSRF to internal services #2052
Description
Summary
The webhook subscription endpoint accepts attacker-controlled http:// and https:// URLs and later sends server-side POST requests to those stored destinations without restricting internal or reserved address ranges. This allows server-side request forgery (SSRF) against loopback, private RFC1918 hosts, and cloud metadata/link-local targets.
Affected component
- tools/webhooks/webhook_server.py
- POST /webhooks/subscribe
Impact
If the webhook server is reachable, an unauthenticated attacker can register a subscription to internal services and cause the server to issue HTTP requests into protected network locations that would not normally be reachable from the outside. This can be used for internal service probing and, depending on environment, access to local/admin APIs or cloud instance metadata endpoints.
Why this happens
- Subscriber URLs are accepted with only scheme-level validation
- Hostnames are not resolved and checked against blocked/internal IP ranges
- Delivery requests follow attacker-controlled destinations from the server side
- Redirect handling can also be abused to pivot to internal targets if not disabled
Suggested fix
- Resolve and validate subscriber hostnames before storing them
- Block loopback, RFC1918, link-local, CGNAT, and IPv6 internal ranges
- Disable redirects during webhook delivery
I have a minimal fix prepared and can open a PR immediately.
Wallet: RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35
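The three points under "Suggested fix" (resolve before storing, block internal ranges, refuse redirects) written out as a subscribe-time validator plus a redirect-refusing opener. This is an added illustration, not the project's code or the reporter's prepared patch; function names, the resolver hook and the sample addresses used in its checks are constructed for the example.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit
# CGNAT (100.64.0.0/10) is neither "private" nor "global" to the ipaddress
# module, so it is listed explicitly; the other ranges come from its flags.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]

def resolve_host(host):
    """Default resolver: every A/AAAA answer for host, as strings."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]

def is_blocked_ip(ip_str):
    """True for loopback, RFC1918/private, link-local, CGNAT, multicast,
    reserved or unspecified addresses, including IPv4 hidden in ::ffff:."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # unwrap ::ffff:a.b.c.d before testing
    if (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in EXTRA_BLOCKED)

def validate_subscriber_url(url, resolve=resolve_host):
    """Return url if it is safe to store as a webhook destination,
    otherwise raise ValueError. Runs at subscribe time, before persisting."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL needs a host and must not embed credentials")
    try:
        addrs = resolve(parts.hostname)
    except (socket.gaierror, UnicodeError) as exc:
        raise ValueError(f"cannot resolve {parts.hostname!r}") from exc
    # Reject if *any* answer is internal: one public plus one private record must not pass.
    if not addrs or any(is_blocked_ip(a) for a in addrs):
        raise ValueError("destination resolves to a blocked address range")
    return url

class NoRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse every 3xx so a validated public host cannot bounce delivery inward."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise urllib.error.HTTPError(req.full_url, code, "redirect refused", headers, fp)

def delivery_opener():
    # Opener for webhook POSTs: a redirect is an error, never followed.
    return urllib.request.build_opener(NoRedirectHandler)
```

Because a hostname's records can change between subscribe and delivery, the same `is_blocked_ip` check belongs at delivery time as well, applied to the address actually connected to.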