Travis CI

Travis CI, a continuous integration and continuous delivery (CI/CD) service for cloud platform projects, admitted to an issue in a post on its community forums.

Any public repository forked from another one could file a pull request (standard functionality in, e.g., GitHub, Bitbucket, Assembla) and, in doing so, obtain unauthorized access to secrets from the original public repository, on condition of printing some of the files during the build process.

The vendor resolved the underlying problem with a series of security patches, and urged users to change their passcodes and authentication tokens as a precaution.

Source: https://portswigger.net/daily-swig/credential-leak-fears-raised-following-security-breach-at-travis-ci

"id": "TRA222827123",
"linkid": "travis-ci",
"type": "Vulnerability",
"date": "09/2021",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"