Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

14 June 2022

An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. “More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub,”

Read full article on The Hacker News

Date:

14 June 2022

Categorie(s):

NEWS

Tag(s):

IT, News, Travis, Users

What is cybersecurity mesh architecture (CSMA)?3 May 2024
97% of security leaders have increased SaaS security budgets3 May 2024
New infosec products of the week: May 3, 20243 May 2024
Chinese government website security is often worryingly bad, say Chinese researchers3 May 2024
Security Excellence Awards – winners revealed!3 May 2024