Travis CI login credentials could have been exposed
The Travis CI platform, used for software compilation and testing tasks, has disclosed a vulnerability, CVE-2021-41077, whereby user credentials, such as API keys and access tokens, could have been exposed to cybercriminals.
The vulnerability was fixed eight days after its detection; however, all users of the platform are advised to rotate their credentials as a security precaution.
References:
- 13/09/2021 travis-ci.community Security Bulletin
- 13/09/2021 blog.travis-ci.com Security Bulletin
- 14/09/2021 arstechnica.com Travis CI flaw exposed secrets of thousands of open source projects
- 14/09/2021 unaaldia.hispasec.com Vulnerabilidad en Travis CI expone credenciales secretas