diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-19 15:07:55 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-19 15:07:55 +0000 |
commit | f92a53a216e6e7d5037ac701efbee5628f91aa9a (patch) | |
tree | 1eb957f0277b50002258681f61db869a2b683fec /doc/administration/incoming_email.md | |
parent | e3764d340e2849fccee8c06278d1f5f686edd35b (diff) | |
download | gitlab-ce-f92a53a216e6e7d5037ac701efbee5628f91aa9a.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/administration/incoming_email.md')
-rw-r--r-- | doc/administration/incoming_email.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/administration/incoming_email.md b/doc/administration/incoming_email.md index a0360f1d252..1550787d532 100644 --- a/doc/administration/incoming_email.md +++ b/doc/administration/incoming_email.md @@ -7,7 +7,7 @@ GitLab has several features based on receiving incoming emails: - [New issue by email](../user/project/issues/managing_issues.md#new-issue-via-email): allow GitLab users to create a new issue by sending an email to a user-specific email address. -- [New merge request by email](../user/project/merge_requests/creating_merge_requests.md#create-new-merge-requests-by-email): +- [New merge request by email](../user/project/merge_requests/creating_merge_requests.md#new-merge-request-by-email-core-only): allow GitLab users to create a new merge request by sending an email to a user-specific email address. - [Service Desk](../user/project/service_desk.md): provide e-mail support to @@ -79,7 +79,7 @@ email address in order to sign up. If you also host a public-facing GitLab instance at `hooli.com` and set your incoming email domain to `hooli.com`, an attacker could abuse the "Create new issue by email" or -"[Create new merge request by email](../user/project/merge_requests/creating_merge_requests.md#create-new-merge-requests-by-email)" +"[Create new merge request by email](../user/project/merge_requests/creating_merge_requests.md#new-merge-request-by-email-core-only)" features by using a project's unique address as the email when signing up for Slack, which would send a confirmation email, which would create a new issue or merge request on the project owned by the attacker, allowing them to click the |