GITBOOK-586: change request with no subject merged in GitBook

HackTricks-wiki · Feb 28, 2024 · 668f61a · 668f61a
1 parent c4b3d82
commit 668f61a
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 0 deletions.
diff --git a/.gitbook/assets/image (150).png b/.gitbook/assets/image (150).png
diff --git a/.gitbook/assets/image (151).png b/.gitbook/assets/image (151).png
diff --git a/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md b/pentesting-cloud/gcp-pentesting/gcp-services/gcp-cloud-build-enum.md
@@ -58,6 +58,12 @@ By default no permissions are given but it's fairly easy to give it some:
 
 It's possible to config a Cloud Build to **require approvals for build executions** (disabled by default).
 
+### PR Approvals
+
+When the trigger is PR because **anyone can perform PRs to public repositories** it would be very dangerous to just **allow the execution of the trigger with any PR**. Therefore, by default, the execution will only be **automatic for owners and collaborators**, and in order to execute the trigger with other users PRs an owner or collaborator must comment `/gcbrun`.
+
+<figure><img src="../../../.gitbook/assets/image (150).png" alt="" width="563"><figcaption></figcaption></figure>
+
 ### Connections & Repositories
 
 Connections can be created over:

diff --git a/...ty/gcp-unaunthenticated-enum-and-access/gcp-cloud-build-unauthenticated-enum.md b/...ty/gcp-unaunthenticated-enum-and-access/gcp-cloud-build-unauthenticated-enum.md
@@ -36,6 +36,24 @@ For some related information you could check the page about how to attack Github
 [abusing-github-actions](../../../pentesting-ci-cd/github-security/abusing-github-actions/)
 {% endcontent-ref %}
 
+### PR Approvals
+
+When the trigger is PR because **anyone can perform PRs to public repositories** it would be very dangerous to just **allow the execution of the trigger with any PR**. Therefore, by default, the execution will only be **automatic for owners and collaborators**, and in order to execute the trigger with other users PRs an owner or collaborator must comment `/gcbrun`.
+
+<figure><img src="../../../.gitbook/assets/image (150).png" alt="" width="563"><figcaption></figcaption></figure>
+
+{% hint style="danger" %}
+Therefore, is this is set to **`Not required`**, an attacker could perform a **PR to the branch** that will trigger the execution adding the malicious code execution to the **`cloudbuild.yml`** file and compromise the cloudbuild execution (note that cloudbuild will download the code FROM the PR, so it will execute the malicious **`cloudbuild.yml`**).
+{% endhint %}
+
+Moreover, it's easy to see if some cloudbuild execution needs to be performed when you send a PR because it appears in Github:
+
+<figure><img src="../../../.gitbook/assets/image (151).png" alt=""><figcaption></figcaption></figure>
+
+{% hint style="warning" %}
+Then, even if the cloudbuild is not executed the attacker will be able to see the **project name of a GCP project** that belongs to the company.
+{% endhint %}
+
 <details>
 
 <summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>