Navigation
Recherche
|
Travis CI flaw exposed secrets of thousands of open source projects (ars technica)
jeudi 16 septembre 2021, 17:42 , par LWN.net
This
ars technica article describes a problem with the Travis continuous-integration service: A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated. Any project storing secrets in this service would be well advised to replace them.
https://lwn.net/Articles/869388/rss
|
56 sources (32 en français)
Date Actuelle
sam. 27 avril - 04:36 CEST
|