You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Overview
Currently in the run completion data that is sent to the events webhook the "provider" is never validated that it is the correct value, a provider should never be able to send a request for another provider, we should validate as a step in the webhook that the provider is correct.
Technical Details
The request in to the webhook accepts the following JSON:
Overview
Currently in the run completion data that is sent to the events webhook the "provider" is never validated that it is the correct value, a provider should never be able to send a request for another provider, we should validate as a step in the webhook that the provider is correct.
Technical Details
The request in to the webhook accepts the following JSON:
the
provider
element needs to verified to ensure it came from that provider.This task is separate to the main security task of securing the connection from the provider to the KFP Operator webhook (link to issue once raised)
The text was updated successfully, but these errors were encountered: