Critical security issue with preview deployments #765
Comments
|
Hi, Thank you so much for your reporting. I'd like to confirm the following things. Does personal access tokens mean
Does "external PRs" mean pull requests created from forked repositories? A PR from a forked repo should be like the following when you use
|
Yes
It is dangerous with every PR but less when the owner applies changes because we assume he knows what he is doing. Your solution to have the approval of a maintainer before running can be a temporary solution. However, as described before, mistakes can happen. |
|
I also beleaive Murphy's law. As you said Netlify does not provided permission selection on tokens, we should use the solution provided by GitHub as a safety net for now. |
|
If you know how to and wish to, you can make a feature request to Netlify. |
|
@hugolgst how is this different from Netlify’s approach? You have to approve deploys from new contributors as well (one would assume this is done for the exact same reason (?)). |
Hello,
Using this GitHub action is extremely dangerous, as you are using Personal access tokens.
Netlify does not have any granularity on permissions personal access tokens provide. This means that you are essentially deploying previews with access to the production environment.
If you are running previews on external PRs, anybody can modify the GH action workflow file and deploy it to your production website.
This cannot be solved unless Netlify provides permission selection on tokens.
The text was updated successfully, but these errors were encountered: