Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

From thehackernews.com

Travis CI API Bug

An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks.

“More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub,” researchers from cloud security firm Aqua said in a Monday report.

Read more…