rspec/shared_content/secrets/impact/codeless_vulnerability_chaining.adoc

==== Chaining of vulnerabilities

Triggering arbitrary workflows can lead to problems ranging from a denial of
service to worse, depending on how the webhook's data is handled. If the
webhook performs a specific action that is affected by a vulnerability, the
webhook acts as a remote attack vector on the enterprise.

Components affected by this webhook could, for example, experience unexpected
failures or excessive resource consumption. If it is a single point of failure
(SPOF), this leak is critical.
Create rule S6720(secrets): Zapier keys should not be disclosed (#2945) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6720/secrets) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> 2023-08-28 12:27:43 +02:00			`==== Chaining of vulnerabilities`

			`Triggering arbitrary workflows can lead to problems ranging from a denial of`
			`service to worse, depending on how the webhook's data is handled. If the`
			`webhook performs a specific action that is affected by a vulnerability, the`
			`webhook acts as a remote attack vector on the enterprise.`

			`Components affected by this webhook could, for example, experience unexpected`
			`failures or excessive resource consumption. If it is a single point of failure`
			`(SPOF), this leak is critical.`