Economy

Travis CI flaw exposed secrets of thousands of open source projects

Photo of September 14, 2021
0 59 Less than a minute

Enlarge (credit: Getty Images)

A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated.

Worse, the dev community is upset about the poor handling of the vulnerability disclosure process and the brief “security bulletin” it had to force out of Travis.

Environment variables injected into pull request builds

Travis CI is a popular software-testing tool due to its seamless integration with GitHub and Bitbucket. As the makers of the tool explain:

Read 15 remaining paragraphs | Comments

Photo of

Related Articles

Photo of Disney’s new neural network can change an actor’s age with ease

Disney’s new neural network can change an actor’s age with ease

November 30, 2022
Photo of Microsoft digital certificates have once again been abused to sign malware

Microsoft digital certificates have once again been abused to sign malware

December 13, 2022
Photo of Ransomware sent North Carolina A&T University scrambling to restore services

Ransomware sent North Carolina A&T University scrambling to restore services

April 8, 2022
Photo of Only iPhones that can’t run iOS 16 are getting new iOS 15 updates

Only iPhones that can’t run iOS 16 are getting new iOS 15 updates

December 13, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

© Copyright 2024, GreatRetirementDelight.com All Rights Reserved   
Back to top button
Close
Close