by nightpool 187 days ago
It looks like the entire class of bugs here is "if you have access to Posthog's admin dashboard, you can configure webhook URLs that hit Posthog's internal services". That's not particularly surprising for a self-hosted system like the author's, but I expect it would be pretty bad if you were using their cloud-hosted product.

Ah, of course! I forgot about the cloud-hosted option.
In another comment, a Posthog security engineer mentions that this was resolved previously for their cloud-hosted product: https://news.ycombinator.com/item?id=46307696