
Travis CI Flaw Exposed Secrets From Public Repositories


Critics Say Travis CI's Security Bulletin is Insufficient

Jeremy Kirk (jeremy_kirk) • September 15, 2021

Travis CI, a Berlin-based continuous integration vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, putting thousands of organizations potentially at risk.

The company is coming under criticism for not describing the security issue in more detail, given the potential impacts.

"Anyone could exfiltrate these [secrets] and gain lateral movement into 1000s of orgs," tweets Peter Szilagyi, who is the team lead for the Ethereum cryptocurrency project.

Travis CI has patched the flaw, which is tracked as CVE-2021-41077. It has advised that organizations should change their secrets immediately.

The vulnerability, which was discovered by Felix Lange, was reported to Travis CI on Sept. 7, Szilagyi tweeted. Travis CI says it began patching the issue on Sept. 3, which would indicate it had ...


Copyright of this story solely belongs to bankinfosecurity.