Travis CI flaw exposed secrets for thousands of open source projects


(Image credit: Getty Images)

A security flaw in Travis CI potentially exposed secrets for thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. However, a vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated.

And, worse, the dev community is upset about the poor handling of the vulnerability disclosure process and a thinly worded "security bulletin" it had to force out of Travis.
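As an added illustration (not code from the article, and not Travis CI's own code), the block below models the decision the report turns on: which secure environment variables a hosted CI service hands to a given build. It assumes a simplified build record, a constructed secret store and a constructed build log. It places the unsafe rule that injects secrets into every build beside a rule that withholds them from pull requests originating in forks, and adds two defender-side helpers: an audit that lists which secrets reached fork builds (and so need rotating), and a scan for secret values that ended up in a build log.

```python
"""
Added example. Everything here (the Build record, the policy functions,
the secret names/values, the build list and the log text) is constructed
for illustration and is not Travis CI's implementation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Build:
    repo: str             # repository that owns the secrets, e.g. "acme/widget"
    head_repo: str        # repository the tested commit actually comes from
    is_pull_request: bool
    build_id: int


@dataclass
class SecretStore:
    secrets: dict         # secret name -> value (signing keys, tokens, ...)


def from_fork(build):
    """A PR whose head lives in a different repository runs code the
    maintainers never reviewed; that is the boundary that matters."""
    return build.is_pull_request and build.head_repo != build.repo


def inject_unsafe(build, store):
    """Flawed rule: every build of the repo receives its secure variables,
    no matter where the commit came from."""
    return dict(store.secrets)


def inject_safe(build, store):
    """Safer rule: builds of fork pull requests get no secure variables.
    Pushes and same-repo branch PRs still get them."""
    if from_fork(build):
        return {}
    return dict(store.secrets)


def secrets_to_rotate(builds, store, policy):
    """Audit helper. Given the policy that was actually in effect, return
    {build_id: [secret names]} for every fork PR build that was handed
    secrets. Those secrets should be treated as compromised and rotated."""
    exposed = {}
    for b in builds:
        if from_fork(b):
            names = sorted(policy(b, store))
            if names:
                exposed[b.build_id] = names
    return exposed


def find_leaked_values(log_text, store):
    """Detection helper: names of secrets whose raw value appears in a
    build log (an accidental echo, a dumped environment, a stack trace)."""
    return sorted(name for name, value in store.secrets.items()
                  if value in log_text)


# ---- constructed sample data -------------------------------------------
STORE = SecretStore({
    "GPG_SIGNING_KEY": "constructed-signing-key-0001",
    "NPM_TOKEN": "constructed-npm-token-0002",
})

SAMPLE_BUILDS = [
    Build("acme/widget", "acme/widget", False, 101),         # push to main repo
    Build("acme/widget", "outsider/widget", True, 102),      # PR from a fork
    Build("acme/widget", "acme/widget", True, 103),          # PR from a same-repo branch
    Build("acme/widget", "someone-else/widget", True, 104),  # PR from another fork
]

SAMPLE_LOG = """\
$ npm test
> widget@1.0.0 test
All 42 tests passed
DEBUG: publishing with NPM_TOKEN=constructed-npm-token-0002
"""


if __name__ == "__main__":
    print("fork PR under unsafe rule:", inject_unsafe(SAMPLE_BUILDS[1], STORE))
    print("fork PR under safe rule:  ", inject_safe(SAMPLE_BUILDS[1], STORE))
    print("rotate after unsafe rule: ", secrets_to_rotate(SAMPLE_BUILDS, STORE, inject_unsafe))
    print("leaked into log:          ", find_leaked_values(SAMPLE_LOG, STORE))
```

The audit treats the origin of the commit, not the pull-request flag alone, as the trust boundary: a PR opened from a branch of the same repository is maintainer-controlled, while a PR from a fork is not, so only the latter causes a secret to be listed for rotation.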

Environment variables injected into PR builds

Travis CI remains a popular choice of software-testing tool among developers due to its seamless integration with GitHub and Bitbucket. As the makers of the tool explain it themselves:
