@psychotropos observed that pre-receive hooks could make requests to sensitive network services that are only accessible on localhost
. This was known behavior and was considered low risk, since pre-receive hook creation is restricted to GitHub Enterprise administrators who have full access to the GitHub Enterprise instance. However, a GitHub Enterprise administrator may grant additional non-administrative users access to the repository where pre-receive hooks are stored. As a result, we decided to block access to sensitive localhost
services from pre-receive hooks. We now prevent pre-receive hooks from accessing sensitive localhost
services using the local firewall.
This issue was fixed in GitHub Enterprise 2.11.0. The changes required to fix the issue were incompatible with a point release for prior versions of GitHub Enterprise. Based on the assessed risk in combination with the incompatibility, GitHub decided not to backport the change for releases prior to 2.11.0.