Navigation
Search
|
Travis CI flaw exposed secrets of thousands of open source projects (ars technica)
Thursday September 16, 2021. 05:42 PM , from LWN.net
This
ars technica article describes a problem with the Travis continuous-integration service: A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated. Any project storing secrets in this service would be well advised to replace them.
https://lwn.net/Articles/869388/rss
|
25 sources
Current Date
Apr, Sat 27 - 03:05 CEST
|