Travis CI, a Berlin-based continuous integration vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, putting thousands of organizations potentially at risk.
See Also: A Guide to Passwordless Anywhere
The company is coming under criticism for not describing in more detail the security issue given the potential impacts.
Travis CI has patched the flaw, which is tracked as CVE-2021-41077. It has advised that organizations should change their secrets immediately.
The vulnerability, which was discovered by Felix Lange, was reported to Travis CI on Sept. 7, Szilagyi tweeted. Travis CI says it began patching the issue on Sept. 3, which would indicate it had ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE