Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums.
Any public repository forked from another one could file a pull request (standard functionality, e.g. in GitHub, BitBucket, Assembla) and, while doing so, obtain unauthorized access to secrets from the original public repository, on the condition that some of the files were printed during the build process.
The vendor resolved the underlying problem with a series of security patches and urged users to change their passcodes and authentication tokens as a precaution.
"id": "TRA222827123",
"linkid": "travis-ci",
"type": "Vulnerability",
"date": "09/2021",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"