SSRF vulnerability for logged in users

Low
timgl published GHSA-wqqw-r8c5-j67c Nov 28, 2023

Package

No package listed

Affected versions

<=1.43.1

Patched versions

From commit 22bd5942638d5d9bc4bd603a9bfe8f8a95572292

Description

Impact

A server-side request forgery (SSRF) that can only be exploited by authenticated users was found in PostHog. When a webhook was enabled, the supplied URL was not checked for pointing at a local address, so an authenticated user could make the PostHog server issue a POST request to a destination of their choosing, including addresses local to the server itself.
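The class of check the advisory describes as missing is a destination check on the webhook URL before the server will POST to it. The following is an added example, not PostHog's code or its fix: it rejects non-http(s) schemes, URLs carrying credentials, and any host that is an IP literal for, or resolves to, a loopback, private, link-local or otherwise non-public address. The host names, the DNS table and the injectable resolver are hypothetical and exist only so the example runs offline.

```python
"""Reject webhook URLs that point at local or internal hosts.

Added example (not PostHog's code): a "is this destination public?" check of the
kind the advisory says was missing. Host names, the DNS table and the resolver
hook are hypothetical so the example runs without network access.
"""
from __future__ import annotations

import ipaddress
import socket
from urllib.parse import urlsplit


def default_resolver(host: str) -> list[str]:
    """Resolve a host name to all of its A/AAAA records via the system resolver."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for globally routable unicast addresses."""
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so the IPv4 rules apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private          # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or addr.is_loopback      # 127/8, ::1
        or addr.is_link_local    # 169.254/16 (cloud metadata), fe80::/10
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified   # 0.0.0.0, ::
    )


def validate_webhook_url(url: str, resolver=default_resolver) -> str:
    """Return `url` if the server may POST to it, otherwise raise ValueError.

    `resolver` is injectable so the check can be exercised without DNS access.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in webhook URLs are not allowed")
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        raise ValueError("missing host")

    # An IP literal needs no lookup. Otherwise resolve the name and check *every*
    # address, because the HTTP client may connect to any one of them.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
        if not addrs:
            raise ValueError(f"{host!r} has no addresses")

    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return url


def is_safe_webhook_url(url: str, resolver=default_resolver) -> bool:
    """Boolean convenience wrapper around validate_webhook_url()."""
    try:
        validate_webhook_url(url, resolver)
    except ValueError:
        return False
    return True


# Constructed DNS table (hypothetical names) standing in for real lookups.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "split.example.com": ["93.184.216.34", "10.0.0.5"],   # one public, one internal
    "metadata.internal": ["169.254.169.254"],
}


def fake_resolver(host: str) -> list[str]:
    """Offline stand-in for default_resolver(), backed by FAKE_DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in (
        "https://hooks.example.com/posthog",
        "http://127.0.0.1:8000/",
        "http://[::ffff:127.0.0.1]/",
        "http://169.254.169.254/latest/meta-data/",
        "http://split.example.com/",
        "file:///etc/passwd",
    ):
        print(f"{candidate:45} -> {is_safe_webhook_url(candidate, fake_resolver)}")
```

Two caveats apply to any check of this shape. Validating only when the webhook is saved leaves a window for DNS rebinding: the name can resolve to a public address at save time and to an internal one at delivery time, so the check should also run (or the validated address should be pinned) when the request is actually sent. Redirects need the same treatment, since a public host can 302 the client to an internal address; either disable redirect following for webhook deliveries or re-validate each hop.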

Patches

Users should upgrade to the latest available Docker image, which includes commit 22bd5942638d5d9bc4bd603a9bfe8f8a95572292.

Severity

Low

CVE ID

CVE-2023-46746

Weaknesses

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. Learn more on MITRE.