Between the 3 Sept and 10 Sept, secure env vars of *all* public ... • Aaron Parecki

41°F

Péter Szilágyi (karalabe.eth) https://twitter.com/peter_szilagyi

Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

https://travis-ci.community/t/security-bulletin/12081

Portland, Oregon • 61°F

Tue, Sep 14, 2021 5:15am +00:00 (liked on Tue, Sep 14, 2021 9:54am -07:00) #security

Have you written a response to this? Let me know the URL:

Posted in /likes using quill.p3k.io