Databreach Today -
Access Management , DevSecOps , Identity & Access Management
Critics Say Travis CI’s Security Bulletin is Insufficient Jeremy Kirk (jeremy_kirk) • September 15, 2021
Travis CI, a Berlin-based continuous integration vendor, has patched a serious flaw that exposed signing keys, API keys and access credentials, putting thousands of organizations potentially at risk.
See Also: A Guide to Passwordless Anywhere
The company is coming under criticism for not describing in more detail the security issue given the potential impacts.
“Anyone could exfiltrate these [secrets] and gain lateral movement into 1000s of orgs,” tweets Peter Szilagyi, who is the team lead for the Ethereum cryptocurrency project.
Travis CI has patched the flaw, which is tracked as CVE-2021-41077. It has advised that organizations should change their secrets immediately.
The vulnerability, which was discovered by Felix Lange, was reported to Travis CI on