Follow

RT @peter_szilagyi@twitter.com

Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci@twitter.com repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. 1/4

travis-ci.community/t/security

🐦🔗: twitter.com/peter_szilagyi/sta

· · Mastodon Twitter Crossposter · 0 · 0 · 0
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!